github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-26 11:01:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

documentation update v1.4.4

Browse Source
This commit is contained in:
Jeremy Long
2016-11-05 09:41:16 -04:00
parent e1a447f722
commit a1b5e3f7b0
1217 changed files with 79708 additions and 51391 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
xref/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html
View File

@@ -54,7 +54,15 @@
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() <strong class="jxr_keyword">throws</strong> Exception {
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_comment">//do nothing</em>
<a class="jxr_linenumber" name="L48" href="#L48">48</a> }
<a class="jxr_linenumber" name="L49" href="#L49">49</a> }
<a class="jxr_linenumber" name="L49" href="#L49">49</a>
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * The default is to support parallel processing.</em>
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L53" href="#L53">53</a> @Override
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> supportsParallelProcessing() {
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L56" href="#L56">56</a> }
<a class="jxr_linenumber" name="L57" href="#L57">57</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

2
xref/org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html
View File

@@ -91,7 +91,7 @@
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> * A flag indicating whether or not the analyzer is enabled.</em>
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> enabled = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">volatile</strong> <strong class="jxr_keyword">boolean</strong> enabled = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L87" href="#L87">87</a>
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> * Get the value of enabled.</em>

79
xref/org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.html
View File

@@ -163,42 +163,49 @@
<a class="jxr_linenumber" name="L155" href="#L155">155</a> }
<a class="jxr_linenumber" name="L156" href="#L156">156</a> }
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">if</strong> (file != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L159" href="#L159">159</a> rules.addAll(parser.parseSuppressionRules(file));
<a class="jxr_linenumber" name="L160" href="#L160">160</a> LOGGER.debug(<span class="jxr_string">"{} suppression rules were loaded."</span>, rules.size());
<a class="jxr_linenumber" name="L161" href="#L161">161</a> } <strong class="jxr_keyword">catch</strong> (SuppressionParseException ex) {
<a class="jxr_linenumber" name="L162" href="#L162">162</a> LOGGER.warn(<span class="jxr_string">"Unable to parse suppression xml file '{}'"</span>, file.getPath());
<a class="jxr_linenumber" name="L163" href="#L163">163</a> LOGGER.warn(ex.getMessage());
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">throw</strong> ex;
<a class="jxr_linenumber" name="L165" href="#L165">165</a> }
<a class="jxr_linenumber" name="L166" href="#L166">166</a> }
<a class="jxr_linenumber" name="L167" href="#L167">167</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
<a class="jxr_linenumber" name="L168" href="#L168">168</a> throwSuppressionParseException(<span class="jxr_string">"Unable to fetch the configured suppression file"</span>, ex);
<a class="jxr_linenumber" name="L169" href="#L169">169</a> } <strong class="jxr_keyword">catch</strong> (MalformedURLException ex) {
<a class="jxr_linenumber" name="L170" href="#L170">170</a> throwSuppressionParseException(<span class="jxr_string">"Configured suppression file has an invalid URL"</span>, ex);
<a class="jxr_linenumber" name="L171" href="#L171">171</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L172" href="#L172">172</a> throwSuppressionParseException(<span class="jxr_string">"Unable to create temp file for suppressions"</span>, ex);
<a class="jxr_linenumber" name="L173" href="#L173">173</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">if</strong> (deleteTempFile &amp;&amp; file != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L175" href="#L175">175</a> FileUtils.delete(file);
<a class="jxr_linenumber" name="L176" href="#L176">176</a> }
<a class="jxr_linenumber" name="L177" href="#L177">177</a> }
<a class="jxr_linenumber" name="L178" href="#L178">178</a> }
<a class="jxr_linenumber" name="L179" href="#L179">179</a>
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <em class="jxr_javadoccomment"> * Utility method to throw parse exceptions.</em>
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_javadoccomment"> * @param message the exception message</em>
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_javadoccomment"> * @param exception the cause of the exception</em>
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment"> * @throws SuppressionParseException throws the generated</em>
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> * SuppressionParseException</em>
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> throwSuppressionParseException(String message, Exception exception) <strong class="jxr_keyword">throws</strong> SuppressionParseException {
<a class="jxr_linenumber" name="L189" href="#L189">189</a> LOGGER.warn(message);
<a class="jxr_linenumber" name="L190" href="#L190">190</a> LOGGER.debug(<span class="jxr_string">""</span>, exception);
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/xml/suppression/SuppressionParseException.html">SuppressionParseException</a>(message, exception);
<a class="jxr_linenumber" name="L192" href="#L192">192</a> }
<a class="jxr_linenumber" name="L193" href="#L193">193</a> }
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">if</strong> (!file.exists()) {
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Suppression file '%s' does not exists"</span>, file.getPath());
<a class="jxr_linenumber" name="L160" href="#L160">160</a> LOGGER.warn(msg);
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/xml/suppression/SuppressionParseException.html">SuppressionParseException</a>(msg);
<a class="jxr_linenumber" name="L162" href="#L162">162</a> }
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L164" href="#L164">164</a> rules.addAll(parser.parseSuppressionRules(file));
<a class="jxr_linenumber" name="L165" href="#L165">165</a> LOGGER.debug(<span class="jxr_string">"{} suppression rules were loaded."</span>, rules.size());
<a class="jxr_linenumber" name="L166" href="#L166">166</a> } <strong class="jxr_keyword">catch</strong> (SuppressionParseException ex) {
<a class="jxr_linenumber" name="L167" href="#L167">167</a> LOGGER.warn(<span class="jxr_string">"Unable to parse suppression xml file '{}'"</span>, file.getPath());
<a class="jxr_linenumber" name="L168" href="#L168">168</a> LOGGER.warn(ex.getMessage());
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">throw</strong> ex;
<a class="jxr_linenumber" name="L170" href="#L170">170</a> }
<a class="jxr_linenumber" name="L171" href="#L171">171</a> }
<a class="jxr_linenumber" name="L172" href="#L172">172</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
<a class="jxr_linenumber" name="L173" href="#L173">173</a> throwSuppressionParseException(<span class="jxr_string">"Unable to fetch the configured suppression file"</span>, ex);
<a class="jxr_linenumber" name="L174" href="#L174">174</a> } <strong class="jxr_keyword">catch</strong> (MalformedURLException ex) {
<a class="jxr_linenumber" name="L175" href="#L175">175</a> throwSuppressionParseException(<span class="jxr_string">"Configured suppression file has an invalid URL"</span>, ex);
<a class="jxr_linenumber" name="L176" href="#L176">176</a> } <strong class="jxr_keyword">catch</strong> (SuppressionParseException ex) {
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">throw</strong> ex;
<a class="jxr_linenumber" name="L178" href="#L178">178</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L179" href="#L179">179</a> throwSuppressionParseException(<span class="jxr_string">"Unable to create temp file for suppressions"</span>, ex);
<a class="jxr_linenumber" name="L180" href="#L180">180</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <strong class="jxr_keyword">if</strong> (deleteTempFile &amp;&amp; file != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L182" href="#L182">182</a> FileUtils.delete(file);
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
<a class="jxr_linenumber" name="L186" href="#L186">186</a>
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * Utility method to throw parse exceptions.</em>
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * @param message the exception message</em>
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> * @param exception the cause of the exception</em>
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> * @throws SuppressionParseException throws the generated</em>
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> * SuppressionParseException</em>
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> throwSuppressionParseException(String message, Exception exception) <strong class="jxr_keyword">throws</strong> SuppressionParseException {
<a class="jxr_linenumber" name="L196" href="#L196">196</a> LOGGER.warn(message);
<a class="jxr_linenumber" name="L197" href="#L197">197</a> LOGGER.debug(<span class="jxr_string">""</span>, exception);
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/xml/suppression/SuppressionParseException.html">SuppressionParseException</a>(message, exception);
<a class="jxr_linenumber" name="L199" href="#L199">199</a> }
<a class="jxr_linenumber" name="L200" href="#L200">200</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

10
xref/org/owasp/dependencycheck/analyzer/Analyzer.html
View File

@@ -83,7 +83,15 @@
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> * @throws Exception is thrown if an exception occurs closing the analyzer.</em>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <strong class="jxr_keyword">void</strong> close() <strong class="jxr_keyword">throws</strong> Exception;
<a class="jxr_linenumber" name="L78" href="#L78">78</a> }
<a class="jxr_linenumber" name="L78" href="#L78">78</a>
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * Returns whether multiple instances of the same type of analyzer can run in parallel.</em>
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * Note that running analyzers of different types in parallel is not supported at all.</em>
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * @return {@code true} if the analyzer supports parallel processing, {@code false} else</em>
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <strong class="jxr_keyword">boolean</strong> supportsParallelProcessing();
<a class="jxr_linenumber" name="L86" href="#L86">86</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

1170
xref/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.html
View File

File diff suppressed because it is too large Load Diff

586
xref/org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.html
View File

@@ -81,302 +81,298 @@
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">private</strong> File grokAssemblyExe = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * The DocumentBuilder for parsing the XML</em>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * Logger</em>
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">private</strong> DocumentBuilder builder;
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> * Logger</em>
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(AssemblyAnalyzer.<strong class="jxr_keyword">class</strong>);
<a class="jxr_linenumber" name="L83" href="#L83">83</a>
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> * Builds the beginnings of a List for ProcessBuilder</em>
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> * @return the list of arguments to begin populating the ProcessBuilder</em>
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">protected</strong> List&lt;String&gt; buildArgumentList() {
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_comment">// Use file.separator as a wild guess as to whether this is Windows</em>
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">final</strong> List&lt;String&gt; args = <strong class="jxr_keyword">new</strong> ArrayList&lt;String&gt;();
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <strong class="jxr_keyword">if</strong> (!SystemUtils.IS_OS_WINDOWS) {
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">if</strong> (Settings.getString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH) != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L94" href="#L94">94</a> args.add(Settings.getString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH));
<a class="jxr_linenumber" name="L95" href="#L95">95</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (isInPath(<span class="jxr_string">"mono"</span>)) {
<a class="jxr_linenumber" name="L96" href="#L96">96</a> args.add(<span class="jxr_string">"mono"</span>);
<a class="jxr_linenumber" name="L97" href="#L97">97</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L99" href="#L99">99</a> }
<a class="jxr_linenumber" name="L100" href="#L100">100</a> }
<a class="jxr_linenumber" name="L101" href="#L101">101</a> args.add(grokAssemblyExe.getPath());
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <strong class="jxr_keyword">return</strong> args;
<a class="jxr_linenumber" name="L103" href="#L103">103</a> }
<a class="jxr_linenumber" name="L104" href="#L104">104</a>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> * Performs the analysis on a single Dependency.</em>
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment"> * @param engine the engine to perform the analysis under</em>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment"> * @throws AnalysisException if anything goes sideways</em>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> @Override
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">if</strong> (grokAssemblyExe == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L116" href="#L116">116</a> LOGGER.warn(<span class="jxr_string">"GrokAssembly didn't get deployed"</span>);
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L118" href="#L118">118</a> }
<a class="jxr_linenumber" name="L119" href="#L119">119</a>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">final</strong> List&lt;String&gt; args = buildArgumentList();
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">if</strong> (args == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L122" href="#L122">122</a> LOGGER.warn(<span class="jxr_string">"Assembly Analyzer was unable to execute"</span>);
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L124" href="#L124">124</a> }
<a class="jxr_linenumber" name="L125" href="#L125">125</a> args.add(dependency.getActualFilePath());
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">final</strong> ProcessBuilder pb = <strong class="jxr_keyword">new</strong> ProcessBuilder(args);
<a class="jxr_linenumber" name="L127" href="#L127">127</a> Document doc = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">final</strong> Process proc = pb.start();
<a class="jxr_linenumber" name="L130" href="#L130">130</a>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> doc = builder.parse(proc.getInputStream());
<a class="jxr_linenumber" name="L132" href="#L132">132</a>
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_comment">// Try evacuating the error stream</em>
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">final</strong> String errorStream = IOUtils.toString(proc.getErrorStream(), <span class="jxr_string">"UTF-8"</span>);
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != errorStream &amp;&amp; !errorStream.isEmpty()) {
<a class="jxr_linenumber" name="L136" href="#L136">136</a> LOGGER.warn(<span class="jxr_string">"Error from GrokAssembly: {}"</span>, errorStream);
<a class="jxr_linenumber" name="L137" href="#L137">137</a> }
<a class="jxr_linenumber" name="L138" href="#L138">138</a>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">int</strong> rc = 0;
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L141" href="#L141">141</a> rc = proc.waitFor();
<a class="jxr_linenumber" name="L142" href="#L142">142</a> } <strong class="jxr_keyword">catch</strong> (InterruptedException ie) {
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L144" href="#L144">144</a> }
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <strong class="jxr_keyword">if</strong> (rc == 3) {
<a class="jxr_linenumber" name="L146" href="#L146">146</a> LOGGER.debug(<span class="jxr_string">"{} is not a .NET assembly or executable and as such cannot be analyzed by dependency-check"</span>,
<a class="jxr_linenumber" name="L147" href="#L147">147</a> dependency.getActualFilePath());
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L149" href="#L149">149</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (rc != 0) {
<a class="jxr_linenumber" name="L150" href="#L150">150</a> LOGGER.warn(<span class="jxr_string">"Return code {} from GrokAssembly"</span>, rc);
<a class="jxr_linenumber" name="L151" href="#L151">151</a> }
<a class="jxr_linenumber" name="L152" href="#L152">152</a>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">final</strong> XPath xpath = XPathFactory.newInstance().newXPath();
<a class="jxr_linenumber" name="L154" href="#L154">154</a>
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_comment">// First, see if there was an error</em>
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <strong class="jxr_keyword">final</strong> String error = xpath.evaluate(<span class="jxr_string">"/assembly/error"</span>, doc);
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">if</strong> (error != <strong class="jxr_keyword">null</strong> &amp;&amp; !error.isEmpty()) {
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(error);
<a class="jxr_linenumber" name="L159" href="#L159">159</a> }
<a class="jxr_linenumber" name="L160" href="#L160">160</a>
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">final</strong> String version = xpath.evaluate(<span class="jxr_string">"/assembly/version"</span>, doc);
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">if</strong> (version != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L163" href="#L163">163</a> dependency.getVersionEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"version"</span>,
<a class="jxr_linenumber" name="L164" href="#L164">164</a> version, Confidence.HIGHEST));
<a class="jxr_linenumber" name="L165" href="#L165">165</a> }
<a class="jxr_linenumber" name="L166" href="#L166">166</a>
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">final</strong> String vendor = xpath.evaluate(<span class="jxr_string">"/assembly/company"</span>, doc);
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">if</strong> (vendor != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L169" href="#L169">169</a> dependency.getVendorEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"vendor"</span>,
<a class="jxr_linenumber" name="L170" href="#L170">170</a> vendor, Confidence.HIGH));
<a class="jxr_linenumber" name="L171" href="#L171">171</a> }
<a class="jxr_linenumber" name="L172" href="#L172">172</a>
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">final</strong> String product = xpath.evaluate(<span class="jxr_string">"/assembly/product"</span>, doc);
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">if</strong> (product != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L175" href="#L175">175</a> dependency.getProductEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"product"</span>,
<a class="jxr_linenumber" name="L176" href="#L176">176</a> product, Confidence.HIGH));
<a class="jxr_linenumber" name="L177" href="#L177">177</a> }
<a class="jxr_linenumber" name="L178" href="#L178">178</a>
<a class="jxr_linenumber" name="L179" href="#L179">179</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(ioe);
<a class="jxr_linenumber" name="L181" href="#L181">181</a> } <strong class="jxr_keyword">catch</strong> (SAXException saxe) {
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Couldn't parse GrokAssembly result"</span>, saxe);
<a class="jxr_linenumber" name="L183" href="#L183">183</a> } <strong class="jxr_keyword">catch</strong> (XPathExpressionException xpe) {
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_comment">// This shouldn't happen</em>
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(xpe);
<a class="jxr_linenumber" name="L186" href="#L186">186</a> }
<a class="jxr_linenumber" name="L187" href="#L187">187</a> }
<a class="jxr_linenumber" name="L188" href="#L188">188</a>
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * Initialize the analyzer. In this case, extract GrokAssembly.exe to a</em>
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> * temporary location.</em>
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> * @throws InitializationException thrown if anything goes wrong</em>
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L195" href="#L195">195</a> @Override
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">final</strong> File tempFile;
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L199" href="#L199">199</a> tempFile = File.createTempFile(<span class="jxr_string">"GKA"</span>, <span class="jxr_string">".exe"</span>, Settings.getTempDirectory());
<a class="jxr_linenumber" name="L200" href="#L200">200</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L201" href="#L201">201</a> setEnabled(false);
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Unable to create temporary file for the assembly analyzerr"</span>, ex);
<a class="jxr_linenumber" name="L203" href="#L203">203</a> }
<a class="jxr_linenumber" name="L204" href="#L204">204</a> FileOutputStream fos = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L205" href="#L205">205</a> InputStream is = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L207" href="#L207">207</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(tempFile);
<a class="jxr_linenumber" name="L208" href="#L208">208</a> is = AssemblyAnalyzer.<strong class="jxr_keyword">class</strong>.getClassLoader().getResourceAsStream(<span class="jxr_string">"GrokAssembly.exe"</span>);
<a class="jxr_linenumber" name="L209" href="#L209">209</a> IOUtils.copy(is, fos);
<a class="jxr_linenumber" name="L210" href="#L210">210</a>
<a class="jxr_linenumber" name="L211" href="#L211">211</a> grokAssemblyExe = tempFile;
<a class="jxr_linenumber" name="L212" href="#L212">212</a> LOGGER.debug(<span class="jxr_string">"Extracted GrokAssembly.exe to {}"</span>, grokAssemblyExe.getPath());
<a class="jxr_linenumber" name="L213" href="#L213">213</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">this</strong>.setEnabled(false);
<a class="jxr_linenumber" name="L215" href="#L215">215</a> LOGGER.warn(<span class="jxr_string">"Could not extract GrokAssembly.exe: {}"</span>, ioe.getMessage());
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Could not extract GrokAssembly.exe"</span>, ioe);
<a class="jxr_linenumber" name="L217" href="#L217">217</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">if</strong> (fos != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L220" href="#L220">220</a> fos.close();
<a class="jxr_linenumber" name="L221" href="#L221">221</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
<a class="jxr_linenumber" name="L222" href="#L222">222</a> LOGGER.debug(<span class="jxr_string">"Error closing output stream"</span>);
<a class="jxr_linenumber" name="L223" href="#L223">223</a> }
<a class="jxr_linenumber" name="L224" href="#L224">224</a> }
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">if</strong> (is != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L227" href="#L227">227</a> is.close();
<a class="jxr_linenumber" name="L228" href="#L228">228</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
<a class="jxr_linenumber" name="L229" href="#L229">229</a> LOGGER.debug(<span class="jxr_string">"Error closing input stream"</span>);
<a class="jxr_linenumber" name="L230" href="#L230">230</a> }
<a class="jxr_linenumber" name="L231" href="#L231">231</a> }
<a class="jxr_linenumber" name="L232" href="#L232">232</a> }
<a class="jxr_linenumber" name="L233" href="#L233">233</a>
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <em class="jxr_comment">// Now, need to see if GrokAssembly actually runs from this location.</em>
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">final</strong> List&lt;String&gt; args = buildArgumentList();
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <em class="jxr_comment">//TODO this creaes an "unreported" error - if someone doesn't look</em>
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <em class="jxr_comment">// at the command output this could easily be missed (especially in an</em>
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <em class="jxr_comment">// Ant or Mmaven build.</em>
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <em class="jxr_comment">//</em>
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <em class="jxr_comment">// We need to create a non-fatal warning error type that will</em>
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <em class="jxr_comment">// get added to the report.</em>
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <em class="jxr_comment">//TOOD this idea needs to get replicated to the bundle audit analyzer.</em>
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <strong class="jxr_keyword">if</strong> (args == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L244" href="#L244">244</a> setEnabled(false);
<a class="jxr_linenumber" name="L245" href="#L245">245</a> LOGGER.error(<span class="jxr_string">"----------------------------------------------------"</span>);
<a class="jxr_linenumber" name="L246" href="#L246">246</a> LOGGER.error(<span class="jxr_string">".NET Assembly Analyzer could not be initialized and at least one "</span>
<a class="jxr_linenumber" name="L247" href="#L247">247</a> + <span class="jxr_string">"'exe' or 'dll' was scanned. The 'mono' executale could not be found on "</span>
<a class="jxr_linenumber" name="L248" href="#L248">248</a> + <span class="jxr_string">"the path; either disable the Assembly Analyzer or configure the path mono."</span>);
<a class="jxr_linenumber" name="L249" href="#L249">249</a> LOGGER.error(<span class="jxr_string">"----------------------------------------------------"</span>);
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L251" href="#L251">251</a> }
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <strong class="jxr_keyword">final</strong> ProcessBuilder pb = <strong class="jxr_keyword">new</strong> ProcessBuilder(args);
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">final</strong> Process p = pb.start();
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <em class="jxr_comment">// Try evacuating the error stream</em>
<a class="jxr_linenumber" name="L256" href="#L256">256</a> IOUtils.copy(p.getErrorStream(), NullOutputStream.NULL_OUTPUT_STREAM);
<a class="jxr_linenumber" name="L257" href="#L257">257</a>
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <strong class="jxr_keyword">final</strong> Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(p.getInputStream());
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">final</strong> XPath xpath = XPathFactory.newInstance().newXPath();
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">final</strong> String error = xpath.evaluate(<span class="jxr_string">"/assembly/error"</span>, doc);
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <strong class="jxr_keyword">if</strong> (p.waitFor() != 1 || error == <strong class="jxr_keyword">null</strong> || error.isEmpty()) {
<a class="jxr_linenumber" name="L262" href="#L262">262</a> LOGGER.warn(<span class="jxr_string">"An error occurred with the .NET AssemblyAnalyzer, please see the log for more details."</span>);
<a class="jxr_linenumber" name="L263" href="#L263">263</a> LOGGER.debug(<span class="jxr_string">"GrokAssembly.exe is not working properly"</span>);
<a class="jxr_linenumber" name="L264" href="#L264">264</a> grokAssemblyExe = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L265" href="#L265">265</a> setEnabled(false);
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Could not execute .NET AssemblyAnalyzer"</span>);
<a class="jxr_linenumber" name="L267" href="#L267">267</a> }
<a class="jxr_linenumber" name="L268" href="#L268">268</a> } <strong class="jxr_keyword">catch</strong> (InitializationException e) {
<a class="jxr_linenumber" name="L269" href="#L269">269</a> setEnabled(false);
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <strong class="jxr_keyword">throw</strong> e;
<a class="jxr_linenumber" name="L271" href="#L271">271</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
<a class="jxr_linenumber" name="L272" href="#L272">272</a> LOGGER.warn(<span class="jxr_string">"An error occurred with the .NET AssemblyAnalyzer;\n"</span>
<a class="jxr_linenumber" name="L273" href="#L273">273</a> + <span class="jxr_string">"this can be ignored unless you are scanning .NET DLLs. Please see the log for more details."</span>);
<a class="jxr_linenumber" name="L274" href="#L274">274</a> LOGGER.debug(<span class="jxr_string">"Could not execute GrokAssembly {}"</span>, e.getMessage());
<a class="jxr_linenumber" name="L275" href="#L275">275</a> setEnabled(false);
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"An error occurred with the .NET AssemblyAnalyzer"</span>, e);
<a class="jxr_linenumber" name="L277" href="#L277">277</a> }
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L279" href="#L279">279</a> builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
<a class="jxr_linenumber" name="L280" href="#L280">280</a> } <strong class="jxr_keyword">catch</strong> (ParserConfigurationException ex) {
<a class="jxr_linenumber" name="L281" href="#L281">281</a> setEnabled(false);
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Error initializing the assembly analyzer"</span>, ex);
<a class="jxr_linenumber" name="L283" href="#L283">283</a> }
<a class="jxr_linenumber" name="L284" href="#L284">284</a> }
<a class="jxr_linenumber" name="L285" href="#L285">285</a>
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <em class="jxr_javadoccomment"> * Removes resources used from the local file system.</em>
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <em class="jxr_javadoccomment"> * @throws Exception thrown if there is a problem closing the analyzer</em>
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L291" href="#L291">291</a> @Override
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() <strong class="jxr_keyword">throws</strong> Exception {
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <strong class="jxr_keyword">super</strong>.close();
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <strong class="jxr_keyword">if</strong> (grokAssemblyExe != <strong class="jxr_keyword">null</strong> &amp;&amp; !grokAssemblyExe.delete()) {
<a class="jxr_linenumber" name="L296" href="#L296">296</a> LOGGER.debug(<span class="jxr_string">"Unable to delete temporary GrokAssembly.exe; attempting delete on exit"</span>);
<a class="jxr_linenumber" name="L297" href="#L297">297</a> grokAssemblyExe.deleteOnExit();
<a class="jxr_linenumber" name="L298" href="#L298">298</a> }
<a class="jxr_linenumber" name="L299" href="#L299">299</a> } <strong class="jxr_keyword">catch</strong> (SecurityException se) {
<a class="jxr_linenumber" name="L300" href="#L300">300</a> LOGGER.debug(<span class="jxr_string">"Can't delete temporary GrokAssembly.exe"</span>);
<a class="jxr_linenumber" name="L301" href="#L301">301</a> grokAssemblyExe.deleteOnExit();
<a class="jxr_linenumber" name="L302" href="#L302">302</a> }
<a class="jxr_linenumber" name="L303" href="#L303">303</a> }
<a class="jxr_linenumber" name="L304" href="#L304">304</a>
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <em class="jxr_javadoccomment"> * The File Filter used to filter supported extensions.</em>
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(
<a class="jxr_linenumber" name="L309" href="#L309">309</a> SUPPORTED_EXTENSIONS).build();
<a class="jxr_linenumber" name="L310" href="#L310">310</a>
<a class="jxr_linenumber" name="L311" href="#L311">311</a> @Override
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L314" href="#L314">314</a> }
<a class="jxr_linenumber" name="L315" href="#L315">315</a>
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <em class="jxr_javadoccomment"> * Gets this analyzer's name.</em>
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <em class="jxr_javadoccomment"> * @return the analyzer name</em>
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L321" href="#L321">321</a> @Override
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L324" href="#L324">324</a> }
<a class="jxr_linenumber" name="L325" href="#L325">325</a>
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <em class="jxr_javadoccomment"> * Returns the phase this analyzer runs under.</em>
<a class="jxr_linenumber" name="L328" href="#L328">328</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L329" href="#L329">329</a> <em class="jxr_javadoccomment"> * @return the phase this runs under</em>
<a class="jxr_linenumber" name="L330" href="#L330">330</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L331" href="#L331">331</a> @Override
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="L334" href="#L334">334</a> }
<a class="jxr_linenumber" name="L335" href="#L335">335</a>
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <em class="jxr_javadoccomment"> * enabled property.</em>
<a class="jxr_linenumber" name="L339" href="#L339">339</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
<a class="jxr_linenumber" name="L341" href="#L341">341</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L342" href="#L342">342</a> @Override
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED;
<a class="jxr_linenumber" name="L345" href="#L345">345</a> }
<a class="jxr_linenumber" name="L346" href="#L346">346</a>
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L348" href="#L348">348</a> <em class="jxr_javadoccomment"> * Tests to see if a file is in the system path. &lt;b&gt;Note&lt;/b&gt; - the current</em>
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <em class="jxr_javadoccomment"> * implementation only works on non-windows platforms. For purposes of the</em>
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <em class="jxr_javadoccomment"> * AssemblyAnalyzer this is okay as this is only needed on Mac/*nix.</em>
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <em class="jxr_javadoccomment"> * @param file the executable to look for</em>
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment"> * @return &lt;code&gt;true&lt;/code&gt; if the file exists; otherwise</em>
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <em class="jxr_javadoccomment"> * &lt;code&gt;false&lt;/code&gt;</em>
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isInPath(String file) {
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <strong class="jxr_keyword">final</strong> ProcessBuilder pb = <strong class="jxr_keyword">new</strong> ProcessBuilder(<span class="jxr_string">"which"</span>, file);
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <strong class="jxr_keyword">final</strong> Process proc = pb.start();
<a class="jxr_linenumber" name="L360" href="#L360">360</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> retCode = proc.waitFor();
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <strong class="jxr_keyword">if</strong> (retCode == 0) {
<a class="jxr_linenumber" name="L362" href="#L362">362</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L363" href="#L363">363</a> }
<a class="jxr_linenumber" name="L364" href="#L364">364</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L365" href="#L365">365</a> LOGGER.debug(<span class="jxr_string">"Path seach failed for "</span> + file);
<a class="jxr_linenumber" name="L366" href="#L366">366</a> } <strong class="jxr_keyword">catch</strong> (InterruptedException ex) {
<a class="jxr_linenumber" name="L367" href="#L367">367</a> LOGGER.debug(<span class="jxr_string">"Path seach failed for "</span> + file);
<a class="jxr_linenumber" name="L368" href="#L368">368</a> }
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="L370" href="#L370">370</a> }
<a class="jxr_linenumber" name="L371" href="#L371">371</a> }
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory.getLogger(AssemblyAnalyzer.<strong class="jxr_keyword">class</strong>);
<a class="jxr_linenumber" name="L79" href="#L79">79</a>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * Builds the beginnings of a List for ProcessBuilder</em>
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * @return the list of arguments to begin populating the ProcessBuilder</em>
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <strong class="jxr_keyword">protected</strong> List&lt;String&gt; buildArgumentList() {
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_comment">// Use file.separator as a wild guess as to whether this is Windows</em>
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">final</strong> List&lt;String&gt; args = <strong class="jxr_keyword">new</strong> ArrayList&lt;String&gt;();
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">if</strong> (!SystemUtils.IS_OS_WINDOWS) {
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">if</strong> (Settings.getString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH) != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L90" href="#L90">90</a> args.add(Settings.getString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH));
<a class="jxr_linenumber" name="L91" href="#L91">91</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (isInPath(<span class="jxr_string">"mono"</span>)) {
<a class="jxr_linenumber" name="L92" href="#L92">92</a> args.add(<span class="jxr_string">"mono"</span>);
<a class="jxr_linenumber" name="L93" href="#L93">93</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L95" href="#L95">95</a> }
<a class="jxr_linenumber" name="L96" href="#L96">96</a> }
<a class="jxr_linenumber" name="L97" href="#L97">97</a> args.add(grokAssemblyExe.getPath());
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">return</strong> args;
<a class="jxr_linenumber" name="L99" href="#L99">99</a> }
<a class="jxr_linenumber" name="L100" href="#L100">100</a>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * Performs the analysis on a single Dependency.</em>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * @param engine the engine to perform the analysis under</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> * @throws AnalysisException if anything goes sideways</em>
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> @Override
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">if</strong> (grokAssemblyExe == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L112" href="#L112">112</a> LOGGER.warn(<span class="jxr_string">"GrokAssembly didn't get deployed"</span>);
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L114" href="#L114">114</a> }
<a class="jxr_linenumber" name="L115" href="#L115">115</a>
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">final</strong> List&lt;String&gt; args = buildArgumentList();
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">if</strong> (args == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L118" href="#L118">118</a> LOGGER.warn(<span class="jxr_string">"Assembly Analyzer was unable to execute"</span>);
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L120" href="#L120">120</a> }
<a class="jxr_linenumber" name="L121" href="#L121">121</a> args.add(dependency.getActualFilePath());
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">final</strong> ProcessBuilder pb = <strong class="jxr_keyword">new</strong> ProcessBuilder(args);
<a class="jxr_linenumber" name="L123" href="#L123">123</a> Document doc = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">final</strong> Process proc = pb.start();
<a class="jxr_linenumber" name="L126" href="#L126">126</a>
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <strong class="jxr_keyword">final</strong> DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
<a class="jxr_linenumber" name="L128" href="#L128">128</a> doc = builder.parse(proc.getInputStream());
<a class="jxr_linenumber" name="L129" href="#L129">129</a>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_comment">// Try evacuating the error stream</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">final</strong> String errorStream = IOUtils.toString(proc.getErrorStream(), <span class="jxr_string">"UTF-8"</span>);
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != errorStream &amp;&amp; !errorStream.isEmpty()) {
<a class="jxr_linenumber" name="L133" href="#L133">133</a> LOGGER.warn(<span class="jxr_string">"Error from GrokAssembly: {}"</span>, errorStream);
<a class="jxr_linenumber" name="L134" href="#L134">134</a> }
<a class="jxr_linenumber" name="L135" href="#L135">135</a>
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <strong class="jxr_keyword">int</strong> rc = 0;
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L138" href="#L138">138</a> rc = proc.waitFor();
<a class="jxr_linenumber" name="L139" href="#L139">139</a> } <strong class="jxr_keyword">catch</strong> (InterruptedException ie) {
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">if</strong> (rc == 3) {
<a class="jxr_linenumber" name="L143" href="#L143">143</a> LOGGER.debug(<span class="jxr_string">"{} is not a .NET assembly or executable and as such cannot be analyzed by dependency-check"</span>,
<a class="jxr_linenumber" name="L144" href="#L144">144</a> dependency.getActualFilePath());
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L146" href="#L146">146</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (rc != 0) {
<a class="jxr_linenumber" name="L147" href="#L147">147</a> LOGGER.warn(<span class="jxr_string">"Return code {} from GrokAssembly"</span>, rc);
<a class="jxr_linenumber" name="L148" href="#L148">148</a> }
<a class="jxr_linenumber" name="L149" href="#L149">149</a>
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">final</strong> XPath xpath = XPathFactory.newInstance().newXPath();
<a class="jxr_linenumber" name="L151" href="#L151">151</a>
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_comment">// First, see if there was an error</em>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">final</strong> String error = xpath.evaluate(<span class="jxr_string">"/assembly/error"</span>, doc);
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">if</strong> (error != <strong class="jxr_keyword">null</strong> &amp;&amp; !error.isEmpty()) {
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(error);
<a class="jxr_linenumber" name="L156" href="#L156">156</a> }
<a class="jxr_linenumber" name="L157" href="#L157">157</a>
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">final</strong> String version = xpath.evaluate(<span class="jxr_string">"/assembly/version"</span>, doc);
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">if</strong> (version != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L160" href="#L160">160</a> dependency.getVersionEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"version"</span>,
<a class="jxr_linenumber" name="L161" href="#L161">161</a> version, Confidence.HIGHEST));
<a class="jxr_linenumber" name="L162" href="#L162">162</a> }
<a class="jxr_linenumber" name="L163" href="#L163">163</a>
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">final</strong> String vendor = xpath.evaluate(<span class="jxr_string">"/assembly/company"</span>, doc);
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">if</strong> (vendor != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L166" href="#L166">166</a> dependency.getVendorEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"vendor"</span>,
<a class="jxr_linenumber" name="L167" href="#L167">167</a> vendor, Confidence.HIGH));
<a class="jxr_linenumber" name="L168" href="#L168">168</a> }
<a class="jxr_linenumber" name="L169" href="#L169">169</a>
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">final</strong> String product = xpath.evaluate(<span class="jxr_string">"/assembly/product"</span>, doc);
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">if</strong> (product != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L172" href="#L172">172</a> dependency.getProductEvidence().addEvidence(<strong class="jxr_keyword">new</strong> Evidence(<span class="jxr_string">"grokassembly"</span>, <span class="jxr_string">"product"</span>,
<a class="jxr_linenumber" name="L173" href="#L173">173</a> product, Confidence.HIGH));
<a class="jxr_linenumber" name="L174" href="#L174">174</a> }
<a class="jxr_linenumber" name="L175" href="#L175">175</a>
<a class="jxr_linenumber" name="L176" href="#L176">176</a> } <strong class="jxr_keyword">catch</strong> (ParserConfigurationException pce) {
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Error initializing the assembly analyzer"</span>, pce);
<a class="jxr_linenumber" name="L178" href="#L178">178</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(ioe);
<a class="jxr_linenumber" name="L180" href="#L180">180</a> } <strong class="jxr_keyword">catch</strong> (SAXException saxe) {
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"Couldn't parse GrokAssembly result"</span>, saxe);
<a class="jxr_linenumber" name="L182" href="#L182">182</a> } <strong class="jxr_keyword">catch</strong> (XPathExpressionException xpe) {
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_comment">// This shouldn't happen</em>
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(xpe);
<a class="jxr_linenumber" name="L185" href="#L185">185</a> }
<a class="jxr_linenumber" name="L186" href="#L186">186</a> }
<a class="jxr_linenumber" name="L187" href="#L187">187</a>
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> * Initialize the analyzer. In this case, extract GrokAssembly.exe to a</em>
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * temporary location.</em>
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> * @throws InitializationException thrown if anything goes wrong</em>
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L194" href="#L194">194</a> @Override
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">final</strong> File tempFile;
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L198" href="#L198">198</a> tempFile = File.createTempFile(<span class="jxr_string">"GKA"</span>, <span class="jxr_string">".exe"</span>, Settings.getTempDirectory());
<a class="jxr_linenumber" name="L199" href="#L199">199</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L200" href="#L200">200</a> setEnabled(false);
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Unable to create temporary file for the assembly analyzerr"</span>, ex);
<a class="jxr_linenumber" name="L202" href="#L202">202</a> }
<a class="jxr_linenumber" name="L203" href="#L203">203</a> FileOutputStream fos = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L204" href="#L204">204</a> InputStream is = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L206" href="#L206">206</a> fos = <strong class="jxr_keyword">new</strong> FileOutputStream(tempFile);
<a class="jxr_linenumber" name="L207" href="#L207">207</a> is = AssemblyAnalyzer.<strong class="jxr_keyword">class</strong>.getClassLoader().getResourceAsStream(<span class="jxr_string">"GrokAssembly.exe"</span>);
<a class="jxr_linenumber" name="L208" href="#L208">208</a> IOUtils.copy(is, fos);
<a class="jxr_linenumber" name="L209" href="#L209">209</a>
<a class="jxr_linenumber" name="L210" href="#L210">210</a> grokAssemblyExe = tempFile;
<a class="jxr_linenumber" name="L211" href="#L211">211</a> LOGGER.debug(<span class="jxr_string">"Extracted GrokAssembly.exe to {}"</span>, grokAssemblyExe.getPath());
<a class="jxr_linenumber" name="L212" href="#L212">212</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <strong class="jxr_keyword">this</strong>.setEnabled(false);
<a class="jxr_linenumber" name="L214" href="#L214">214</a> LOGGER.warn(<span class="jxr_string">"Could not extract GrokAssembly.exe: {}"</span>, ioe.getMessage());
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Could not extract GrokAssembly.exe"</span>, ioe);
<a class="jxr_linenumber" name="L216" href="#L216">216</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">if</strong> (fos != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L219" href="#L219">219</a> fos.close();
<a class="jxr_linenumber" name="L220" href="#L220">220</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
<a class="jxr_linenumber" name="L221" href="#L221">221</a> LOGGER.debug(<span class="jxr_string">"Error closing output stream"</span>);
<a class="jxr_linenumber" name="L222" href="#L222">222</a> }
<a class="jxr_linenumber" name="L223" href="#L223">223</a> }
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">if</strong> (is != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L226" href="#L226">226</a> is.close();
<a class="jxr_linenumber" name="L227" href="#L227">227</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
<a class="jxr_linenumber" name="L228" href="#L228">228</a> LOGGER.debug(<span class="jxr_string">"Error closing input stream"</span>);
<a class="jxr_linenumber" name="L229" href="#L229">229</a> }
<a class="jxr_linenumber" name="L230" href="#L230">230</a> }
<a class="jxr_linenumber" name="L231" href="#L231">231</a> }
<a class="jxr_linenumber" name="L232" href="#L232">232</a>
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <em class="jxr_comment">// Now, need to see if GrokAssembly actually runs from this location.</em>
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">final</strong> List&lt;String&gt; args = buildArgumentList();
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <em class="jxr_comment">//TODO this creates an "unreported" error - if someone doesn't look</em>
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <em class="jxr_comment">// at the command output this could easily be missed (especially in an</em>
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <em class="jxr_comment">// Ant or Maven build.</em>
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <em class="jxr_comment">//</em>
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <em class="jxr_comment">// We need to create a non-fatal warning error type that will</em>
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <em class="jxr_comment">// get added to the report.</em>
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <em class="jxr_comment">//TOOD this idea needs to get replicated to the bundle audit analyzer.</em>
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">if</strong> (args == <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L243" href="#L243">243</a> setEnabled(false);
<a class="jxr_linenumber" name="L244" href="#L244">244</a> LOGGER.error(<span class="jxr_string">"----------------------------------------------------"</span>);
<a class="jxr_linenumber" name="L245" href="#L245">245</a> LOGGER.error(<span class="jxr_string">".NET Assembly Analyzer could not be initialized and at least one "</span>
<a class="jxr_linenumber" name="L246" href="#L246">246</a> + <span class="jxr_string">"'exe' or 'dll' was scanned. The 'mono' executable could not be found on "</span>
<a class="jxr_linenumber" name="L247" href="#L247">247</a> + <span class="jxr_string">"the path; either disable the Assembly Analyzer or configure the path mono."</span>);
<a class="jxr_linenumber" name="L248" href="#L248">248</a> LOGGER.error(<span class="jxr_string">"----------------------------------------------------"</span>);
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L250" href="#L250">250</a> }
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">final</strong> ProcessBuilder pb = <strong class="jxr_keyword">new</strong> ProcessBuilder(args);
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <strong class="jxr_keyword">final</strong> Process p = pb.start();
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_comment">// Try evacuating the error stream</em>
<a class="jxr_linenumber" name="L255" href="#L255">255</a> IOUtils.copy(p.getErrorStream(), NullOutputStream.NULL_OUTPUT_STREAM);
<a class="jxr_linenumber" name="L256" href="#L256">256</a>
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">final</strong> DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
<a class="jxr_linenumber" name="L258" href="#L258">258</a> factory.setFeature(<span class="jxr_string">"http://apache.org/xml/features/disallow-doctype-decl"</span>, <strong class="jxr_keyword">true</strong>);
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">final</strong> DocumentBuilder builder = factory.newDocumentBuilder();
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">final</strong> Document doc = builder.parse(p.getInputStream());
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <strong class="jxr_keyword">final</strong> XPath xpath = XPathFactory.newInstance().newXPath();
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <strong class="jxr_keyword">final</strong> String error = xpath.evaluate(<span class="jxr_string">"/assembly/error"</span>, doc);
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">if</strong> (p.waitFor() != 1 || error == <strong class="jxr_keyword">null</strong> || error.isEmpty()) {
<a class="jxr_linenumber" name="L264" href="#L264">264</a> LOGGER.warn(<span class="jxr_string">"An error occurred with the .NET AssemblyAnalyzer, please see the log for more details."</span>);
<a class="jxr_linenumber" name="L265" href="#L265">265</a> LOGGER.debug(<span class="jxr_string">"GrokAssembly.exe is not working properly"</span>);
<a class="jxr_linenumber" name="L266" href="#L266">266</a> grokAssemblyExe = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L267" href="#L267">267</a> setEnabled(false);
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Could not execute .NET AssemblyAnalyzer"</span>);
<a class="jxr_linenumber" name="L269" href="#L269">269</a> }
<a class="jxr_linenumber" name="L270" href="#L270">270</a> } <strong class="jxr_keyword">catch</strong> (InitializationException e) {
<a class="jxr_linenumber" name="L271" href="#L271">271</a> setEnabled(false);
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <strong class="jxr_keyword">throw</strong> e;
<a class="jxr_linenumber" name="L273" href="#L273">273</a> } <strong class="jxr_keyword">catch</strong> (Throwable e) {
<a class="jxr_linenumber" name="L274" href="#L274">274</a> LOGGER.warn(<span class="jxr_string">"An error occurred with the .NET AssemblyAnalyzer;\n"</span>
<a class="jxr_linenumber" name="L275" href="#L275">275</a> + <span class="jxr_string">"this can be ignored unless you are scanning .NET DLLs. Please see the log for more details."</span>);
<a class="jxr_linenumber" name="L276" href="#L276">276</a> LOGGER.debug(<span class="jxr_string">"Could not execute GrokAssembly {}"</span>, e.getMessage());
<a class="jxr_linenumber" name="L277" href="#L277">277</a> setEnabled(false);
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"An error occurred with the .NET AssemblyAnalyzer"</span>, e);
<a class="jxr_linenumber" name="L279" href="#L279">279</a> }
<a class="jxr_linenumber" name="L280" href="#L280">280</a> }
<a class="jxr_linenumber" name="L281" href="#L281">281</a>
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <em class="jxr_javadoccomment"> * Removes resources used from the local file system.</em>
<a class="jxr_linenumber" name="L284" href="#L284">284</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <em class="jxr_javadoccomment"> * @throws Exception thrown if there is a problem closing the analyzer</em>
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L287" href="#L287">287</a> @Override
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() <strong class="jxr_keyword">throws</strong> Exception {
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">super</strong>.close();
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <strong class="jxr_keyword">if</strong> (grokAssemblyExe != <strong class="jxr_keyword">null</strong> &amp;&amp; !grokAssemblyExe.delete()) {
<a class="jxr_linenumber" name="L292" href="#L292">292</a> LOGGER.debug(<span class="jxr_string">"Unable to delete temporary GrokAssembly.exe; attempting delete on exit"</span>);
<a class="jxr_linenumber" name="L293" href="#L293">293</a> grokAssemblyExe.deleteOnExit();
<a class="jxr_linenumber" name="L294" href="#L294">294</a> }
<a class="jxr_linenumber" name="L295" href="#L295">295</a> } <strong class="jxr_keyword">catch</strong> (SecurityException se) {
<a class="jxr_linenumber" name="L296" href="#L296">296</a> LOGGER.debug(<span class="jxr_string">"Can't delete temporary GrokAssembly.exe"</span>);
<a class="jxr_linenumber" name="L297" href="#L297">297</a> grokAssemblyExe.deleteOnExit();
<a class="jxr_linenumber" name="L298" href="#L298">298</a> }
<a class="jxr_linenumber" name="L299" href="#L299">299</a> }
<a class="jxr_linenumber" name="L300" href="#L300">300</a>
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <em class="jxr_javadoccomment"> * The File Filter used to filter supported extensions.</em>
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(
<a class="jxr_linenumber" name="L305" href="#L305">305</a> SUPPORTED_EXTENSIONS).build();
<a class="jxr_linenumber" name="L306" href="#L306">306</a>
<a class="jxr_linenumber" name="L307" href="#L307">307</a> @Override
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L310" href="#L310">310</a> }
<a class="jxr_linenumber" name="L311" href="#L311">311</a>
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <em class="jxr_javadoccomment"> * Gets this analyzer's name.</em>
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <em class="jxr_javadoccomment"> * @return the analyzer name</em>
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L317" href="#L317">317</a> @Override
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L320" href="#L320">320</a> }
<a class="jxr_linenumber" name="L321" href="#L321">321</a>
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <em class="jxr_javadoccomment"> * Returns the phase this analyzer runs under.</em>
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <em class="jxr_javadoccomment"> * @return the phase this runs under</em>
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L327" href="#L327">327</a> @Override
<a class="jxr_linenumber" name="L328" href="#L328">328</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L329" href="#L329">329</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="L330" href="#L330">330</a> }
<a class="jxr_linenumber" name="L331" href="#L331">331</a>
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <em class="jxr_javadoccomment"> * enabled property.</em>
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L338" href="#L338">338</a> @Override
<a class="jxr_linenumber" name="L339" href="#L339">339</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED;
<a class="jxr_linenumber" name="L341" href="#L341">341</a> }
<a class="jxr_linenumber" name="L342" href="#L342">342</a>
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L344" href="#L344">344</a> <em class="jxr_javadoccomment"> * Tests to see if a file is in the system path. &lt;b&gt;Note&lt;/b&gt; - the current</em>
<a class="jxr_linenumber" name="L345" href="#L345">345</a> <em class="jxr_javadoccomment"> * implementation only works on non-windows platforms. For purposes of the</em>
<a class="jxr_linenumber" name="L346" href="#L346">346</a> <em class="jxr_javadoccomment"> * AssemblyAnalyzer this is okay as this is only needed on Mac/*nix.</em>
<a class="jxr_linenumber" name="L347" href="#L347">347</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L348" href="#L348">348</a> <em class="jxr_javadoccomment"> * @param file the executable to look for</em>
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <em class="jxr_javadoccomment"> * @return &lt;code&gt;true&lt;/code&gt; if the file exists; otherwise</em>
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <em class="jxr_javadoccomment"> * &lt;code&gt;false&lt;/code&gt;</em>
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> isInPath(String file) {
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <strong class="jxr_keyword">final</strong> ProcessBuilder pb = <strong class="jxr_keyword">new</strong> ProcessBuilder(<span class="jxr_string">"which"</span>, file);
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <strong class="jxr_keyword">final</strong> Process proc = pb.start();
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> retCode = proc.waitFor();
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <strong class="jxr_keyword">if</strong> (retCode == 0) {
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L359" href="#L359">359</a> }
<a class="jxr_linenumber" name="L360" href="#L360">360</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L361" href="#L361">361</a> LOGGER.debug(<span class="jxr_string">"Path seach failed for "</span> + file);
<a class="jxr_linenumber" name="L362" href="#L362">362</a> } <strong class="jxr_keyword">catch</strong> (InterruptedException ex) {
<a class="jxr_linenumber" name="L363" href="#L363">363</a> LOGGER.debug(<span class="jxr_string">"Path seach failed for "</span> + file);
<a class="jxr_linenumber" name="L364" href="#L364">364</a> }
<a class="jxr_linenumber" name="L365" href="#L365">365</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="L366" href="#L366">366</a> }
<a class="jxr_linenumber" name="L367" href="#L367">367</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

496
xref/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.html
View File

@@ -39,257 +39,251 @@
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.util.List;
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.exception.InitializationException;
<a class="jxr_linenumber" name="L39" href="#L39">39</a>
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * Used to analyze Autoconf input files named configure.ac or configure.in.</em>
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * Files simply named "configure" are also analyzed, assuming they are generated</em>
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * by Autoconf, and contain certain special package descriptor variables.</em>
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * @see &lt;a href="https://www.gnu.org/software/autoconf/"&gt;Autoconf - GNU Project</em>
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> * - Free Software Foundation (FSF)&lt;/a&gt;</em>
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L49" href="#L49">49</a> @Experimental
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.html">AutoconfAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
<a class="jxr_linenumber" name="L51" href="#L51">51</a>
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * Autoconf output filename.</em>
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE = <span class="jxr_string">"configure"</span>;
<a class="jxr_linenumber" name="L56" href="#L56">56</a>
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * Autoconf input filename.</em>
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE_IN = <span class="jxr_string">"configure.in"</span>;
<a class="jxr_linenumber" name="L61" href="#L61">61</a>
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * Autoconf input filename.</em>
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE_AC = <span class="jxr_string">"configure.ac"</span>;
<a class="jxr_linenumber" name="L66" href="#L66">66</a>
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Autoconf Analyzer"</span>;
<a class="jxr_linenumber" name="L71" href="#L71">71</a>
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L76" href="#L76">76</a>
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String[] EXTENSIONS = {<span class="jxr_string">"ac"</span>, <span class="jxr_string">"in"</span>};
<a class="jxr_linenumber" name="L81" href="#L81">81</a>
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * Matches AC_INIT variables in the output configure script.</em>
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern PACKAGE_VAR = Pattern.compile(
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <span class="jxr_string">"PACKAGE_(.+?)='(.*?)'"</span>, Pattern.DOTALL | Pattern.CASE_INSENSITIVE);
<a class="jxr_linenumber" name="L87" href="#L87">87</a>
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> * Matches AC_INIT statement in configure.ac file.</em>
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern AC_INIT_PATTERN;
<a class="jxr_linenumber" name="L92" href="#L92">92</a>
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">static</strong> {
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_comment">// each instance of param or sep_param has a capture group</em>
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <strong class="jxr_keyword">final</strong> String param = <span class="jxr_string">"&#92;&#92;[{0,2}(.+?)&#92;&#92;]{0,2}"</span>;
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">final</strong> String sepParam = <span class="jxr_string">"&#92;&#92;s*,&#92;&#92;s*"</span> + param;
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_comment">// Group 1: Package</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_comment">// Group 2: Version</em>
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_comment">// Group 3: optional</em>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_comment">// Group 4: Bug report address (if it exists)</em>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_comment">// Group 5: optional</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_comment">// Group 6: Tarname (if it exists)</em>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_comment">// Group 7: optional</em>
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_comment">// Group 8: URL (if it exists)</em>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> AC_INIT_PATTERN = Pattern.compile(String.format(
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <span class="jxr_string">"AC_INIT&#92;&#92;(%s%s(%s)?(%s)?(%s)?&#92;&#92;s*&#92;&#92;)"</span>, param, sepParam,
<a class="jxr_linenumber" name="L107" href="#L107">107</a> sepParam, sepParam, sepParam), Pattern.DOTALL
<a class="jxr_linenumber" name="L108" href="#L108">108</a> | Pattern.CASE_INSENSITIVE);
<a class="jxr_linenumber" name="L109" href="#L109">109</a> }
<a class="jxr_linenumber" name="L110" href="#L110">110</a>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(CONFIGURE).addExtensions(
<a class="jxr_linenumber" name="L115" href="#L115">115</a> EXTENSIONS).build();
<a class="jxr_linenumber" name="L116" href="#L116">116</a>
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L122" href="#L122">122</a> @Override
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L125" href="#L125">125</a> }
<a class="jxr_linenumber" name="L126" href="#L126">126</a>
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L132" href="#L132">132</a> @Override
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L135" href="#L135">135</a> }
<a class="jxr_linenumber" name="L136" href="#L136">136</a>
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L142" href="#L142">142</a> @Override
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="L145" href="#L145">145</a> }
<a class="jxr_linenumber" name="L146" href="#L146">146</a>
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> * enabled property.</em>
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> @Override
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
<a class="jxr_linenumber" name="L156" href="#L156">156</a> }
<a class="jxr_linenumber" name="L157" href="#L157">157</a>
<a class="jxr_linenumber" name="L158" href="#L158">158</a> @Override
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">final</strong> File actualFile = dependency.getActualFile();
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">final</strong> String name = actualFile.getName();
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">if</strong> (name.startsWith(CONFIGURE)) {
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">final</strong> File parent = actualFile.getParentFile();
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
<a class="jxr_linenumber" name="L166" href="#L166">166</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/"</span> + name);
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> isOutputScript = CONFIGURE.equals(name);
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">if</strong> (isOutputScript || CONFIGURE_AC.equals(name)
<a class="jxr_linenumber" name="L169" href="#L169">169</a> || CONFIGURE_IN.equals(name)) {
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">final</strong> String contents = getFileContents(actualFile);
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">if</strong> (isOutputScript) {
<a class="jxr_linenumber" name="L173" href="#L173">173</a> extractConfigureScriptEvidence(dependency, name,
<a class="jxr_linenumber" name="L174" href="#L174">174</a> contents);
<a class="jxr_linenumber" name="L175" href="#L175">175</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L176" href="#L176">176</a> gatherEvidence(dependency, name, contents);
<a class="jxr_linenumber" name="L177" href="#L177">177</a> }
<a class="jxr_linenumber" name="L178" href="#L178">178</a> }
<a class="jxr_linenumber" name="L179" href="#L179">179</a> }
<a class="jxr_linenumber" name="L180" href="#L180">180</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <em class="jxr_comment">// copy, alter and set in case some other thread is iterating over</em>
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; dependencies = <strong class="jxr_keyword">new</strong> ArrayList&lt;Dependency&gt;(
<a class="jxr_linenumber" name="L183" href="#L183">183</a> engine.getDependencies());
<a class="jxr_linenumber" name="L184" href="#L184">184</a> dependencies.remove(dependency);
<a class="jxr_linenumber" name="L185" href="#L185">185</a> engine.setDependencies(dependencies);
<a class="jxr_linenumber" name="L186" href="#L186">186</a> }
<a class="jxr_linenumber" name="L187" href="#L187">187</a> }
<a class="jxr_linenumber" name="L188" href="#L188">188</a>
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> * Extracts evidence from the configuration.</em>
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> * @param name the name of the source of evidence</em>
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> * @param contents the contents to analyze for evidence</em>
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractConfigureScriptEvidence(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency,
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">final</strong> String name, <strong class="jxr_keyword">final</strong> String contents) {
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">final</strong> Matcher matcher = PACKAGE_VAR.matcher(contents);
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">while</strong> (matcher.find()) {
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">final</strong> String variable = matcher.group(1);
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <strong class="jxr_keyword">final</strong> String value = matcher.group(2);
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <strong class="jxr_keyword">if</strong> (!value.isEmpty()) {
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <strong class="jxr_keyword">if</strong> (variable.endsWith(<span class="jxr_string">"NAME"</span>)) {
<a class="jxr_linenumber" name="L204" href="#L204">204</a> dependency.getProductEvidence().addEvidence(name, variable,
<a class="jxr_linenumber" name="L205" href="#L205">205</a> value, Confidence.HIGHEST);
<a class="jxr_linenumber" name="L206" href="#L206">206</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"VERSION"</span>.equals(variable)) {
<a class="jxr_linenumber" name="L207" href="#L207">207</a> dependency.getVersionEvidence().addEvidence(name, variable,
<a class="jxr_linenumber" name="L208" href="#L208">208</a> value, Confidence.HIGHEST);
<a class="jxr_linenumber" name="L209" href="#L209">209</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"BUGREPORT"</span>.equals(variable)) {
<a class="jxr_linenumber" name="L210" href="#L210">210</a> dependency.getVendorEvidence().addEvidence(name, variable,
<a class="jxr_linenumber" name="L211" href="#L211">211</a> value, Confidence.HIGH);
<a class="jxr_linenumber" name="L212" href="#L212">212</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"URL"</span>.equals(variable)) {
<a class="jxr_linenumber" name="L213" href="#L213">213</a> dependency.getVendorEvidence().addEvidence(name, variable,
<a class="jxr_linenumber" name="L214" href="#L214">214</a> value, Confidence.HIGH);
<a class="jxr_linenumber" name="L215" href="#L215">215</a> }
<a class="jxr_linenumber" name="L216" href="#L216">216</a> }
<a class="jxr_linenumber" name="L217" href="#L217">217</a> }
<a class="jxr_linenumber" name="L218" href="#L218">218</a> }
<a class="jxr_linenumber" name="L219" href="#L219">219</a>
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <em class="jxr_javadoccomment"> * Retrieves the contents of a given file.</em>
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <em class="jxr_javadoccomment"> * @param actualFile the file to read</em>
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <em class="jxr_javadoccomment"> * @return the contents of the file</em>
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an IO Exception</em>
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <strong class="jxr_keyword">private</strong> String getFileContents(<strong class="jxr_keyword">final</strong> File actualFile)
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">return</strong> FileUtils.readFileToString(actualFile, Charset.defaultCharset()).trim();
<a class="jxr_linenumber" name="L231" href="#L231">231</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
<a class="jxr_linenumber" name="L234" href="#L234">234</a> }
<a class="jxr_linenumber" name="L235" href="#L235">235</a> }
<a class="jxr_linenumber" name="L236" href="#L236">236</a>
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <em class="jxr_javadoccomment"> * Gathers evidence from a given file</em>
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to add evidence to</em>
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <em class="jxr_javadoccomment"> * @param name the source of the evidence</em>
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <em class="jxr_javadoccomment"> * @param contents the evidence to analyze</em>
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> gatherEvidence(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <strong class="jxr_keyword">final</strong> String name,
<a class="jxr_linenumber" name="L245" href="#L245">245</a> String contents) {
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">final</strong> Matcher matcher = AC_INIT_PATTERN.matcher(contents);
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> productEvidence = dependency
<a class="jxr_linenumber" name="L249" href="#L249">249</a> .getProductEvidence();
<a class="jxr_linenumber" name="L250" href="#L250">250</a> productEvidence.addEvidence(name, <span class="jxr_string">"Package"</span>, matcher.group(1),
<a class="jxr_linenumber" name="L251" href="#L251">251</a> Confidence.HIGHEST);
<a class="jxr_linenumber" name="L252" href="#L252">252</a> dependency.getVersionEvidence().addEvidence(name,
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <span class="jxr_string">"Package Version"</span>, matcher.group(2), Confidence.HIGHEST);
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
<a class="jxr_linenumber" name="L255" href="#L255">255</a> .getVendorEvidence();
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matcher.group(3)) {
<a class="jxr_linenumber" name="L257" href="#L257">257</a> vendorEvidence.addEvidence(name, <span class="jxr_string">"Bug report address"</span>,
<a class="jxr_linenumber" name="L258" href="#L258">258</a> matcher.group(4), Confidence.HIGH);
<a class="jxr_linenumber" name="L259" href="#L259">259</a> }
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matcher.group(5)) {
<a class="jxr_linenumber" name="L261" href="#L261">261</a> productEvidence.addEvidence(name, <span class="jxr_string">"Tarname"</span>, matcher.group(6),
<a class="jxr_linenumber" name="L262" href="#L262">262</a> Confidence.HIGH);
<a class="jxr_linenumber" name="L263" href="#L263">263</a> }
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matcher.group(7)) {
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <strong class="jxr_keyword">final</strong> String url = matcher.group(8);
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
<a class="jxr_linenumber" name="L267" href="#L267">267</a> vendorEvidence.addEvidence(name, <span class="jxr_string">"URL"</span>, url,
<a class="jxr_linenumber" name="L268" href="#L268">268</a> Confidence.HIGH);
<a class="jxr_linenumber" name="L269" href="#L269">269</a> }
<a class="jxr_linenumber" name="L270" href="#L270">270</a> }
<a class="jxr_linenumber" name="L271" href="#L271">271</a> }
<a class="jxr_linenumber" name="L272" href="#L272">272</a> }
<a class="jxr_linenumber" name="L273" href="#L273">273</a>
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <em class="jxr_javadoccomment"> * Initializes the file type analyzer.</em>
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <em class="jxr_javadoccomment"> * @throws InitializationException thrown if there is an exception during</em>
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <em class="jxr_javadoccomment"> * initialization</em>
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L280" href="#L280">280</a> @Override
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <em class="jxr_comment">// No initialization needed.</em>
<a class="jxr_linenumber" name="L283" href="#L283">283</a> }
<a class="jxr_linenumber" name="L284" href="#L284">284</a> }
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.exception.InitializationException;
<a class="jxr_linenumber" name="L37" href="#L37">37</a>
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * Used to analyze Autoconf input files named configure.ac or configure.in.</em>
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> * Files simply named "configure" are also analyzed, assuming they are generated</em>
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * by Autoconf, and contain certain special package descriptor variables.</em>
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * @see &lt;a href="https://www.gnu.org/software/autoconf/"&gt;Autoconf - GNU Project</em>
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * - Free Software Foundation (FSF)&lt;/a&gt;</em>
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L47" href="#L47">47</a> @Experimental
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.html">AutoconfAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
<a class="jxr_linenumber" name="L49" href="#L49">49</a>
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * Autoconf output filename.</em>
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE = <span class="jxr_string">"configure"</span>;
<a class="jxr_linenumber" name="L54" href="#L54">54</a>
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> * Autoconf input filename.</em>
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE_IN = <span class="jxr_string">"configure.in"</span>;
<a class="jxr_linenumber" name="L59" href="#L59">59</a>
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> * Autoconf input filename.</em>
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String CONFIGURE_AC = <span class="jxr_string">"configure.ac"</span>;
<a class="jxr_linenumber" name="L64" href="#L64">64</a>
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Autoconf Analyzer"</span>;
<a class="jxr_linenumber" name="L69" href="#L69">69</a>
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L74" href="#L74">74</a>
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String[] EXTENSIONS = {<span class="jxr_string">"ac"</span>, <span class="jxr_string">"in"</span>};
<a class="jxr_linenumber" name="L79" href="#L79">79</a>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * Matches AC_INIT variables in the output configure script.</em>
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern PACKAGE_VAR = Pattern.compile(
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <span class="jxr_string">"PACKAGE_(.+?)='(.*?)'"</span>, Pattern.DOTALL | Pattern.CASE_INSENSITIVE);
<a class="jxr_linenumber" name="L85" href="#L85">85</a>
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> * Matches AC_INIT statement in configure.ac file.</em>
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern AC_INIT_PATTERN;
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">static</strong> {
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_comment">// each instance of param or sep_param has a capture group</em>
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">final</strong> String param = <span class="jxr_string">"&#92;&#92;[{0,2}(.+?)&#92;&#92;]{0,2}"</span>;
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">final</strong> String sepParam = <span class="jxr_string">"&#92;&#92;s*,&#92;&#92;s*"</span> + param;
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_comment">// Group 1: Package</em>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_comment">// Group 2: Version</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_comment">// Group 3: optional</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_comment">// Group 4: Bug report address (if it exists)</em>
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_comment">// Group 5: optional</em>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_comment">// Group 6: Tarname (if it exists)</em>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_comment">// Group 7: optional</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_comment">// Group 8: URL (if it exists)</em>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> AC_INIT_PATTERN = Pattern.compile(String.format(
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <span class="jxr_string">"AC_INIT&#92;&#92;(%s%s(%s)?(%s)?(%s)?&#92;&#92;s*&#92;&#92;)"</span>, param, sepParam,
<a class="jxr_linenumber" name="L105" href="#L105">105</a> sepParam, sepParam, sepParam), Pattern.DOTALL
<a class="jxr_linenumber" name="L106" href="#L106">106</a> | Pattern.CASE_INSENSITIVE);
<a class="jxr_linenumber" name="L107" href="#L107">107</a> }
<a class="jxr_linenumber" name="L108" href="#L108">108</a>
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(CONFIGURE).addExtensions(
<a class="jxr_linenumber" name="L113" href="#L113">113</a> EXTENSIONS).build();
<a class="jxr_linenumber" name="L114" href="#L114">114</a>
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> @Override
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L123" href="#L123">123</a> }
<a class="jxr_linenumber" name="L124" href="#L124">124</a>
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> @Override
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L133" href="#L133">133</a> }
<a class="jxr_linenumber" name="L134" href="#L134">134</a>
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L140" href="#L140">140</a> @Override
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
<a class="jxr_linenumber" name="L144" href="#L144">144</a>
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * enabled property.</em>
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L151" href="#L151">151</a> @Override
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
<a class="jxr_linenumber" name="L154" href="#L154">154</a> }
<a class="jxr_linenumber" name="L155" href="#L155">155</a>
<a class="jxr_linenumber" name="L156" href="#L156">156</a> @Override
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">final</strong> File actualFile = dependency.getActualFile();
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">final</strong> String name = actualFile.getName();
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">if</strong> (name.startsWith(CONFIGURE)) {
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">final</strong> File parent = actualFile.getParentFile();
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
<a class="jxr_linenumber" name="L164" href="#L164">164</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/"</span> + name);
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> isOutputScript = CONFIGURE.equals(name);
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">if</strong> (isOutputScript || CONFIGURE_AC.equals(name)
<a class="jxr_linenumber" name="L167" href="#L167">167</a> || CONFIGURE_IN.equals(name)) {
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">final</strong> String contents = getFileContents(actualFile);
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">if</strong> (isOutputScript) {
<a class="jxr_linenumber" name="L171" href="#L171">171</a> extractConfigureScriptEvidence(dependency, name,
<a class="jxr_linenumber" name="L172" href="#L172">172</a> contents);
<a class="jxr_linenumber" name="L173" href="#L173">173</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L174" href="#L174">174</a> gatherEvidence(dependency, name, contents);
<a class="jxr_linenumber" name="L175" href="#L175">175</a> }
<a class="jxr_linenumber" name="L176" href="#L176">176</a> }
<a class="jxr_linenumber" name="L177" href="#L177">177</a> }
<a class="jxr_linenumber" name="L178" href="#L178">178</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L179" href="#L179">179</a> engine.getDependencies().remove(dependency);
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
<a class="jxr_linenumber" name="L181" href="#L181">181</a> }
<a class="jxr_linenumber" name="L182" href="#L182">182</a>
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_javadoccomment"> * Extracts evidence from the configuration.</em>
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> * @param name the name of the source of evidence</em>
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * @param contents the contents to analyze for evidence</em>
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> extractConfigureScriptEvidence(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency,
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">final</strong> String name, <strong class="jxr_keyword">final</strong> String contents) {
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <strong class="jxr_keyword">final</strong> Matcher matcher = PACKAGE_VAR.matcher(contents);
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">while</strong> (matcher.find()) {
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">final</strong> String variable = matcher.group(1);
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">final</strong> String value = matcher.group(2);
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">if</strong> (!value.isEmpty()) {
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">if</strong> (variable.endsWith(<span class="jxr_string">"NAME"</span>)) {
<a class="jxr_linenumber" name="L198" href="#L198">198</a> dependency.getProductEvidence().addEvidence(name, variable,
<a class="jxr_linenumber" name="L199" href="#L199">199</a> value, Confidence.HIGHEST);
<a class="jxr_linenumber" name="L200" href="#L200">200</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"VERSION"</span>.equals(variable)) {
<a class="jxr_linenumber" name="L201" href="#L201">201</a> dependency.getVersionEvidence().addEvidence(name, variable,
<a class="jxr_linenumber" name="L202" href="#L202">202</a> value, Confidence.HIGHEST);
<a class="jxr_linenumber" name="L203" href="#L203">203</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"BUGREPORT"</span>.equals(variable)) {
<a class="jxr_linenumber" name="L204" href="#L204">204</a> dependency.getVendorEvidence().addEvidence(name, variable,
<a class="jxr_linenumber" name="L205" href="#L205">205</a> value, Confidence.HIGH);
<a class="jxr_linenumber" name="L206" href="#L206">206</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"URL"</span>.equals(variable)) {
<a class="jxr_linenumber" name="L207" href="#L207">207</a> dependency.getVendorEvidence().addEvidence(name, variable,
<a class="jxr_linenumber" name="L208" href="#L208">208</a> value, Confidence.HIGH);
<a class="jxr_linenumber" name="L209" href="#L209">209</a> }
<a class="jxr_linenumber" name="L210" href="#L210">210</a> }
<a class="jxr_linenumber" name="L211" href="#L211">211</a> }
<a class="jxr_linenumber" name="L212" href="#L212">212</a> }
<a class="jxr_linenumber" name="L213" href="#L213">213</a>
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <em class="jxr_javadoccomment"> * Retrieves the contents of a given file.</em>
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment"> * @param actualFile the file to read</em>
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <em class="jxr_javadoccomment"> * @return the contents of the file</em>
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an IO Exception</em>
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">private</strong> String getFileContents(<strong class="jxr_keyword">final</strong> File actualFile)
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">return</strong> FileUtils.readFileToString(actualFile, Charset.defaultCharset()).trim();
<a class="jxr_linenumber" name="L225" href="#L225">225</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
<a class="jxr_linenumber" name="L229" href="#L229">229</a> }
<a class="jxr_linenumber" name="L230" href="#L230">230</a>
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <em class="jxr_javadoccomment"> * Gathers evidence from a given file</em>
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to add evidence to</em>
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <em class="jxr_javadoccomment"> * @param name the source of the evidence</em>
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <em class="jxr_javadoccomment"> * @param contents the evidence to analyze</em>
<a class="jxr_linenumber" name="L237" href="#L237">237</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> gatherEvidence(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <strong class="jxr_keyword">final</strong> String name,
<a class="jxr_linenumber" name="L239" href="#L239">239</a> String contents) {
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <strong class="jxr_keyword">final</strong> Matcher matcher = AC_INIT_PATTERN.matcher(contents);
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> productEvidence = dependency
<a class="jxr_linenumber" name="L243" href="#L243">243</a> .getProductEvidence();
<a class="jxr_linenumber" name="L244" href="#L244">244</a> productEvidence.addEvidence(name, <span class="jxr_string">"Package"</span>, matcher.group(1),
<a class="jxr_linenumber" name="L245" href="#L245">245</a> Confidence.HIGHEST);
<a class="jxr_linenumber" name="L246" href="#L246">246</a> dependency.getVersionEvidence().addEvidence(name,
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <span class="jxr_string">"Package Version"</span>, matcher.group(2), Confidence.HIGHEST);
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
<a class="jxr_linenumber" name="L249" href="#L249">249</a> .getVendorEvidence();
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matcher.group(3)) {
<a class="jxr_linenumber" name="L251" href="#L251">251</a> vendorEvidence.addEvidence(name, <span class="jxr_string">"Bug report address"</span>,
<a class="jxr_linenumber" name="L252" href="#L252">252</a> matcher.group(4), Confidence.HIGH);
<a class="jxr_linenumber" name="L253" href="#L253">253</a> }
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matcher.group(5)) {
<a class="jxr_linenumber" name="L255" href="#L255">255</a> productEvidence.addEvidence(name, <span class="jxr_string">"Tarname"</span>, matcher.group(6),
<a class="jxr_linenumber" name="L256" href="#L256">256</a> Confidence.HIGH);
<a class="jxr_linenumber" name="L257" href="#L257">257</a> }
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matcher.group(7)) {
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">final</strong> String url = matcher.group(8);
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
<a class="jxr_linenumber" name="L261" href="#L261">261</a> vendorEvidence.addEvidence(name, <span class="jxr_string">"URL"</span>, url,
<a class="jxr_linenumber" name="L262" href="#L262">262</a> Confidence.HIGH);
<a class="jxr_linenumber" name="L263" href="#L263">263</a> }
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
<a class="jxr_linenumber" name="L265" href="#L265">265</a> }
<a class="jxr_linenumber" name="L266" href="#L266">266</a> }
<a class="jxr_linenumber" name="L267" href="#L267">267</a>
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment"> * Initializes the file type analyzer.</em>
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment"> * @throws InitializationException thrown if there is an exception during</em>
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> * initialization</em>
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L274" href="#L274">274</a> @Override
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <em class="jxr_comment">// No initialization needed.</em>
<a class="jxr_linenumber" name="L277" href="#L277">277</a> }
<a class="jxr_linenumber" name="L278" href="#L278">278</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

313
xref/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.html
View File

@@ -101,159 +101,166 @@
<a class="jxr_linenumber" name="L93" href="#L93">93</a> .addFilenames(<span class="jxr_string">"CMakeLists.txt"</span>).build();
<a class="jxr_linenumber" name="L94" href="#L94">94</a>
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * A reference to SHA1 message digest.</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> MessageDigest sha1 = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L99" href="#L99">99</a>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <strong class="jxr_keyword">static</strong> {
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L102" href="#L102">102</a> sha1 = MessageDigest.getInstance(<span class="jxr_string">"SHA1"</span>);
<a class="jxr_linenumber" name="L103" href="#L103">103</a> } <strong class="jxr_keyword">catch</strong> (NoSuchAlgorithmException e) {
<a class="jxr_linenumber" name="L104" href="#L104">104</a> LOGGER.error(e.getMessage());
<a class="jxr_linenumber" name="L105" href="#L105">105</a> }
<a class="jxr_linenumber" name="L106" href="#L106">106</a> }
<a class="jxr_linenumber" name="L107" href="#L107">107</a>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment"> * Returns the name of the CMake analyzer.</em>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L114" href="#L114">114</a> @Override
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"CMake Analyzer"</span>;
<a class="jxr_linenumber" name="L117" href="#L117">117</a> }
<a class="jxr_linenumber" name="L118" href="#L118">118</a>
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L124" href="#L124">124</a> @Override
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L127" href="#L127">127</a> }
<a class="jxr_linenumber" name="L128" href="#L128">128</a>
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> * Returns the set of supported file extensions.</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> * @return the set of supported file extensions</em>
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L134" href="#L134">134</a> @Override
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L137" href="#L137">137</a> }
<a class="jxr_linenumber" name="L138" href="#L138">138</a>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> * No-op initializer implementation.</em>
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment"> * @throws InitializationException never thrown</em>
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L144" href="#L144">144</a> @Override
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_comment">// Nothing to do here.</em>
<a class="jxr_linenumber" name="L147" href="#L147">147</a> }
<a class="jxr_linenumber" name="L148" href="#L148">148</a>
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> * analyzing the dependency</em>
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L157" href="#L157">157</a> @Override
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">final</strong> String parentName = file.getParentFile().getName();
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">final</strong> String name = file.getName();
<a class="jxr_linenumber" name="L163" href="#L163">163</a> dependency.setDisplayFileName(String.format(<span class="jxr_string">"%s%c%s"</span>, parentName, File.separatorChar, name));
<a class="jxr_linenumber" name="L164" href="#L164">164</a> String contents;
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L166" href="#L166">166</a> contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
<a class="jxr_linenumber" name="L167" href="#L167">167</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
<a class="jxr_linenumber" name="L170" href="#L170">170</a> }
<a class="jxr_linenumber" name="L171" href="#L171">171</a>
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(contents)) {
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">final</strong> Matcher m = PROJECT.matcher(contents);
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">int</strong> count = 0;
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">while</strong> (m.find()) {
<a class="jxr_linenumber" name="L176" href="#L176">176</a> count++;
<a class="jxr_linenumber" name="L177" href="#L177">177</a> LOGGER.debug(String.format(
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <span class="jxr_string">"Found project command match with %d groups: %s"</span>,
<a class="jxr_linenumber" name="L179" href="#L179">179</a> m.groupCount(), m.group(0)));
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">final</strong> String group = m.group(1);
<a class="jxr_linenumber" name="L181" href="#L181">181</a> LOGGER.debug(<span class="jxr_string">"Group 1: "</span> + group);
<a class="jxr_linenumber" name="L182" href="#L182">182</a> dependency.getProductEvidence().addEvidence(name, <span class="jxr_string">"Project"</span>,
<a class="jxr_linenumber" name="L183" href="#L183">183</a> group, Confidence.HIGH);
<a class="jxr_linenumber" name="L184" href="#L184">184</a> }
<a class="jxr_linenumber" name="L185" href="#L185">185</a> LOGGER.debug(<span class="jxr_string">"Found {} matches."</span>, count);
<a class="jxr_linenumber" name="L186" href="#L186">186</a> analyzeSetVersionCommand(dependency, engine, contents);
<a class="jxr_linenumber" name="L187" href="#L187">187</a> }
<a class="jxr_linenumber" name="L188" href="#L188">188</a> }
<a class="jxr_linenumber" name="L189" href="#L189">189</a>
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <em class="jxr_javadoccomment"> * Extracts the version information from the contents. If more then one</em>
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <em class="jxr_javadoccomment"> * version is found additional dependencies are added to the dependency</em>
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment"> * list.</em>
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <em class="jxr_javadoccomment"> * @param contents the version information</em>
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L199" href="#L199">199</a> @edu.umd.cs.findbugs.annotations.SuppressFBWarnings(
<a class="jxr_linenumber" name="L200" href="#L200">200</a> value = <span class="jxr_string">"DM_DEFAULT_ENCODING"</span>,
<a class="jxr_linenumber" name="L201" href="#L201">201</a> justification = <span class="jxr_string">"Default encoding is only used if UTF-8 is not available"</span>)
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> analyzeSetVersionCommand(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, String contents) {
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> currentDep = dependency;
<a class="jxr_linenumber" name="L204" href="#L204">204</a>
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <strong class="jxr_keyword">final</strong> Matcher m = SET_VERSION.matcher(contents);
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <strong class="jxr_keyword">int</strong> count = 0;
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <strong class="jxr_keyword">while</strong> (m.find()) {
<a class="jxr_linenumber" name="L208" href="#L208">208</a> count++;
<a class="jxr_linenumber" name="L209" href="#L209">209</a> LOGGER.debug(<span class="jxr_string">"Found project command match with {} groups: {}"</span>,
<a class="jxr_linenumber" name="L210" href="#L210">210</a> m.groupCount(), m.group(0));
<a class="jxr_linenumber" name="L211" href="#L211">211</a> String product = m.group(1);
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <strong class="jxr_keyword">final</strong> String version = m.group(2);
<a class="jxr_linenumber" name="L213" href="#L213">213</a> LOGGER.debug(<span class="jxr_string">"Group 1: "</span> + product);
<a class="jxr_linenumber" name="L214" href="#L214">214</a> LOGGER.debug(<span class="jxr_string">"Group 2: "</span> + version);
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">final</strong> String aliasPrefix = <span class="jxr_string">"ALIASOF_"</span>;
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">if</strong> (product.startsWith(aliasPrefix)) {
<a class="jxr_linenumber" name="L217" href="#L217">217</a> product = product.replaceFirst(aliasPrefix, <span class="jxr_string">""</span>);
<a class="jxr_linenumber" name="L218" href="#L218">218</a> }
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">if</strong> (count &gt; 1) {
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <em class="jxr_comment">//TODO - refactor so we do not assign to the parameter (checkstyle)</em>
<a class="jxr_linenumber" name="L221" href="#L221">221</a> currentDep = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(dependency.getActualFile());
<a class="jxr_linenumber" name="L222" href="#L222">222</a> currentDep.setDisplayFileName(String.format(<span class="jxr_string">"%s:%s"</span>, dependency.getDisplayFileName(), product));
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">final</strong> String filePath = String.format(<span class="jxr_string">"%s:%s"</span>, dependency.getFilePath(), product);
<a class="jxr_linenumber" name="L224" href="#L224">224</a> currentDep.setFilePath(filePath);
<a class="jxr_linenumber" name="L225" href="#L225">225</a>
<a class="jxr_linenumber" name="L226" href="#L226">226</a> byte[] path;
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L228" href="#L228">228</a> path = filePath.getBytes(<span class="jxr_string">"UTF-8"</span>);
<a class="jxr_linenumber" name="L229" href="#L229">229</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
<a class="jxr_linenumber" name="L230" href="#L230">230</a> path = filePath.getBytes();
<a class="jxr_linenumber" name="L231" href="#L231">231</a> }
<a class="jxr_linenumber" name="L232" href="#L232">232</a> currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
<a class="jxr_linenumber" name="L233" href="#L233">233</a> engine.getDependencies().add(currentDep);
<a class="jxr_linenumber" name="L234" href="#L234">234</a> }
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">final</strong> String source = currentDep.getDisplayFileName();
<a class="jxr_linenumber" name="L236" href="#L236">236</a> currentDep.getProductEvidence().addEvidence(source, <span class="jxr_string">"Product"</span>,
<a class="jxr_linenumber" name="L237" href="#L237">237</a> product, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L238" href="#L238">238</a> currentDep.getVersionEvidence().addEvidence(source, <span class="jxr_string">"Version"</span>,
<a class="jxr_linenumber" name="L239" href="#L239">239</a> version, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L240" href="#L240">240</a> }
<a class="jxr_linenumber" name="L241" href="#L241">241</a> LOGGER.debug(String.format(<span class="jxr_string">"Found %d matches."</span>, count));
<a class="jxr_linenumber" name="L242" href="#L242">242</a> }
<a class="jxr_linenumber" name="L243" href="#L243">243</a>
<a class="jxr_linenumber" name="L244" href="#L244">244</a> @Override
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_CMAKE_ENABLED;
<a class="jxr_linenumber" name="L247" href="#L247">247</a> }
<a class="jxr_linenumber" name="L248" href="#L248">248</a> }
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * Returns the name of the CMake analyzer.</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> @Override
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"CMake Analyzer"</span>;
<a class="jxr_linenumber" name="L103" href="#L103">103</a> }
<a class="jxr_linenumber" name="L104" href="#L104">104</a>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> @Override
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L113" href="#L113">113</a> }
<a class="jxr_linenumber" name="L114" href="#L114">114</a>
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <em class="jxr_javadoccomment"> * Returns the set of supported file extensions.</em>
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> * @return the set of supported file extensions</em>
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> @Override
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L123" href="#L123">123</a> }
<a class="jxr_linenumber" name="L124" href="#L124">124</a>
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> * Initializes the analyzer.</em>
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> * @throws InitializationException thrown if an exception occurs getting an</em>
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> * instance of SHA1</em>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> @Override
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L134" href="#L134">134</a> getSha1MessageDigest();
<a class="jxr_linenumber" name="L135" href="#L135">135</a> } <strong class="jxr_keyword">catch</strong> (IllegalStateException ex) {
<a class="jxr_linenumber" name="L136" href="#L136">136</a> setEnabled(false);
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Unable to create SHA1 MessageDigest"</span>, ex);
<a class="jxr_linenumber" name="L138" href="#L138">138</a> }
<a class="jxr_linenumber" name="L139" href="#L139">139</a> }
<a class="jxr_linenumber" name="L140" href="#L140">140</a>
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> * analyzing the dependency</em>
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L149" href="#L149">149</a> @Override
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">final</strong> String parentName = file.getParentFile().getName();
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">final</strong> String name = file.getName();
<a class="jxr_linenumber" name="L155" href="#L155">155</a> dependency.setDisplayFileName(String.format(<span class="jxr_string">"%s%c%s"</span>, parentName, File.separatorChar, name));
<a class="jxr_linenumber" name="L156" href="#L156">156</a> String contents;
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L158" href="#L158">158</a> contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
<a class="jxr_linenumber" name="L159" href="#L159">159</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
<a class="jxr_linenumber" name="L162" href="#L162">162</a> }
<a class="jxr_linenumber" name="L163" href="#L163">163</a>
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(contents)) {
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">final</strong> Matcher m = PROJECT.matcher(contents);
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <strong class="jxr_keyword">int</strong> count = 0;
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">while</strong> (m.find()) {
<a class="jxr_linenumber" name="L168" href="#L168">168</a> count++;
<a class="jxr_linenumber" name="L169" href="#L169">169</a> LOGGER.debug(String.format(
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <span class="jxr_string">"Found project command match with %d groups: %s"</span>,
<a class="jxr_linenumber" name="L171" href="#L171">171</a> m.groupCount(), m.group(0)));
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <strong class="jxr_keyword">final</strong> String group = m.group(1);
<a class="jxr_linenumber" name="L173" href="#L173">173</a> LOGGER.debug(<span class="jxr_string">"Group 1: "</span> + group);
<a class="jxr_linenumber" name="L174" href="#L174">174</a> dependency.getProductEvidence().addEvidence(name, <span class="jxr_string">"Project"</span>,
<a class="jxr_linenumber" name="L175" href="#L175">175</a> group, Confidence.HIGH);
<a class="jxr_linenumber" name="L176" href="#L176">176</a> }
<a class="jxr_linenumber" name="L177" href="#L177">177</a> LOGGER.debug(<span class="jxr_string">"Found {} matches."</span>, count);
<a class="jxr_linenumber" name="L178" href="#L178">178</a> analyzeSetVersionCommand(dependency, engine, contents);
<a class="jxr_linenumber" name="L179" href="#L179">179</a> }
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
<a class="jxr_linenumber" name="L181" href="#L181">181</a>
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_javadoccomment"> * Extracts the version information from the contents. If more then one</em>
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_javadoccomment"> * version is found additional dependencies are added to the dependency</em>
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment"> * list.</em>
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * @param engine the dependency-check engine</em>
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> * @param contents the version information</em>
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L191" href="#L191">191</a> @edu.umd.cs.findbugs.annotations.SuppressFBWarnings(
<a class="jxr_linenumber" name="L192" href="#L192">192</a> value = <span class="jxr_string">"DM_DEFAULT_ENCODING"</span>,
<a class="jxr_linenumber" name="L193" href="#L193">193</a> justification = <span class="jxr_string">"Default encoding is only used if UTF-8 is not available"</span>)
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> analyzeSetVersionCommand(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine, String contents) {
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> currentDep = dependency;
<a class="jxr_linenumber" name="L196" href="#L196">196</a>
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">final</strong> Matcher m = SET_VERSION.matcher(contents);
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">int</strong> count = 0;
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">while</strong> (m.find()) {
<a class="jxr_linenumber" name="L200" href="#L200">200</a> count++;
<a class="jxr_linenumber" name="L201" href="#L201">201</a> LOGGER.debug(<span class="jxr_string">"Found project command match with {} groups: {}"</span>,
<a class="jxr_linenumber" name="L202" href="#L202">202</a> m.groupCount(), m.group(0));
<a class="jxr_linenumber" name="L203" href="#L203">203</a> String product = m.group(1);
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <strong class="jxr_keyword">final</strong> String version = m.group(2);
<a class="jxr_linenumber" name="L205" href="#L205">205</a> LOGGER.debug(<span class="jxr_string">"Group 1: "</span> + product);
<a class="jxr_linenumber" name="L206" href="#L206">206</a> LOGGER.debug(<span class="jxr_string">"Group 2: "</span> + version);
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <strong class="jxr_keyword">final</strong> String aliasPrefix = <span class="jxr_string">"ALIASOF_"</span>;
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <strong class="jxr_keyword">if</strong> (product.startsWith(aliasPrefix)) {
<a class="jxr_linenumber" name="L209" href="#L209">209</a> product = product.replaceFirst(aliasPrefix, <span class="jxr_string">""</span>);
<a class="jxr_linenumber" name="L210" href="#L210">210</a> }
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <strong class="jxr_keyword">if</strong> (count &gt; 1) {
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_comment">//TODO - refactor so we do not assign to the parameter (checkstyle)</em>
<a class="jxr_linenumber" name="L213" href="#L213">213</a> currentDep = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(dependency.getActualFile());
<a class="jxr_linenumber" name="L214" href="#L214">214</a> currentDep.setDisplayFileName(String.format(<span class="jxr_string">"%s:%s"</span>, dependency.getDisplayFileName(), product));
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">final</strong> String filePath = String.format(<span class="jxr_string">"%s:%s"</span>, dependency.getFilePath(), product);
<a class="jxr_linenumber" name="L216" href="#L216">216</a> currentDep.setFilePath(filePath);
<a class="jxr_linenumber" name="L217" href="#L217">217</a>
<a class="jxr_linenumber" name="L218" href="#L218">218</a> byte[] path;
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L220" href="#L220">220</a> path = filePath.getBytes(<span class="jxr_string">"UTF-8"</span>);
<a class="jxr_linenumber" name="L221" href="#L221">221</a> } <strong class="jxr_keyword">catch</strong> (UnsupportedEncodingException ex) {
<a class="jxr_linenumber" name="L222" href="#L222">222</a> path = filePath.getBytes();
<a class="jxr_linenumber" name="L223" href="#L223">223</a> }
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">final</strong> MessageDigest sha1 = getSha1MessageDigest();
<a class="jxr_linenumber" name="L225" href="#L225">225</a> currentDep.setSha1sum(Checksum.getHex(sha1.digest(path)));
<a class="jxr_linenumber" name="L226" href="#L226">226</a> engine.getDependencies().add(currentDep);
<a class="jxr_linenumber" name="L227" href="#L227">227</a> }
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">final</strong> String source = currentDep.getDisplayFileName();
<a class="jxr_linenumber" name="L229" href="#L229">229</a> currentDep.getProductEvidence().addEvidence(source, <span class="jxr_string">"Product"</span>,
<a class="jxr_linenumber" name="L230" href="#L230">230</a> product, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L231" href="#L231">231</a> currentDep.getVersionEvidence().addEvidence(source, <span class="jxr_string">"Version"</span>,
<a class="jxr_linenumber" name="L232" href="#L232">232</a> version, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L233" href="#L233">233</a> }
<a class="jxr_linenumber" name="L234" href="#L234">234</a> LOGGER.debug(String.format(<span class="jxr_string">"Found %d matches."</span>, count));
<a class="jxr_linenumber" name="L235" href="#L235">235</a> }
<a class="jxr_linenumber" name="L236" href="#L236">236</a>
<a class="jxr_linenumber" name="L237" href="#L237">237</a> @Override
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L239" href="#L239">239</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_CMAKE_ENABLED;
<a class="jxr_linenumber" name="L240" href="#L240">240</a> }
<a class="jxr_linenumber" name="L241" href="#L241">241</a>
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <em class="jxr_javadoccomment"> * Returns the sha1 message digest.</em>
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <em class="jxr_javadoccomment"> * @return the sha1 message digest</em>
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <strong class="jxr_keyword">private</strong> MessageDigest getSha1MessageDigest() {
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <strong class="jxr_keyword">return</strong> MessageDigest.getInstance(<span class="jxr_string">"SHA1"</span>);
<a class="jxr_linenumber" name="L250" href="#L250">250</a> } <strong class="jxr_keyword">catch</strong> (NoSuchAlgorithmException e) {
<a class="jxr_linenumber" name="L251" href="#L251">251</a> LOGGER.error(e.getMessage());
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalStateException(<span class="jxr_string">"Failed to obtain the SHA1 message digest."</span>, e);
<a class="jxr_linenumber" name="L253" href="#L253">253</a> }
<a class="jxr_linenumber" name="L254" href="#L254">254</a> }
<a class="jxr_linenumber" name="L255" href="#L255">255</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

1587
xref/org/owasp/dependencycheck/analyzer/CPEAnalyzer.html
View File

File diff suppressed because it is too large Load Diff

2
xref/org/owasp/dependencycheck/analyzer/CentralAnalyzer.html
View File

@@ -83,7 +83,7 @@
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> * The analyzer should be disabled if there are errors, so this is a flag to</em>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * determine if such an error has occurred.</em>
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> errorFlag = false;
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">volatile</strong> <strong class="jxr_keyword">boolean</strong> errorFlag = false;
<a class="jxr_linenumber" name="L79" href="#L79">79</a>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * The searcher itself.</em>

195
xref/org/owasp/dependencycheck/analyzer/ComposerLockAnalyzer.html
View File

@@ -32,19 +32,19 @@
<a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.data.composer.ComposerLockParser;
<a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Confidence;
<a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.dependency.Dependency;
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Checksum;
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.FileFilterBuilder;
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> org.slf4j.Logger;
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> org.slf4j.LoggerFactory;
<a class="jxr_linenumber" name="L32" href="#L32">32</a>
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> java.io.FileInputStream;
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.io.FileNotFoundException;
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.security.MessageDigest;
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> java.security.NoSuchAlgorithmException;
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.exception.InitializationException;
<a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.exception.InitializationException;
<a class="jxr_linenumber" name="L28" href="#L28">28</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Checksum;
<a class="jxr_linenumber" name="L29" href="#L29">29</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.FileFilterBuilder;
<a class="jxr_linenumber" name="L30" href="#L30">30</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
<a class="jxr_linenumber" name="L31" href="#L31">31</a> <strong class="jxr_keyword">import</strong> org.slf4j.Logger;
<a class="jxr_linenumber" name="L32" href="#L32">32</a> <strong class="jxr_keyword">import</strong> org.slf4j.LoggerFactory;
<a class="jxr_linenumber" name="L33" href="#L33">33</a>
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.io.FileInputStream;
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.io.FileNotFoundException;
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> java.security.MessageDigest;
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">import</strong> java.security.NoSuchAlgorithmException;
<a class="jxr_linenumber" name="L40" href="#L40">40</a>
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * Used to analyze a composer.lock file for a composer PHP app.</em>
@@ -93,91 +93,100 @@
<a class="jxr_linenumber" name="L85" href="#L85">85</a> @Override
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L88" href="#L88">88</a> sha1 = MessageDigest.getInstance(<span class="jxr_string">"SHA1"</span>);
<a class="jxr_linenumber" name="L89" href="#L89">89</a> } <strong class="jxr_keyword">catch</strong> (NoSuchAlgorithmException ex) {
<a class="jxr_linenumber" name="L88" href="#L88">88</a> getSha1MessageDigest();
<a class="jxr_linenumber" name="L89" href="#L89">89</a> } <strong class="jxr_keyword">catch</strong> (IllegalStateException ex) {
<a class="jxr_linenumber" name="L90" href="#L90">90</a> setEnabled(false);
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Unable to create SHA1 MmessageDigest"</span>, ex);
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Unable to create SHA1 MessageDigest"</span>, ex);
<a class="jxr_linenumber" name="L92" href="#L92">92</a> }
<a class="jxr_linenumber" name="L93" href="#L93">93</a> }
<a class="jxr_linenumber" name="L94" href="#L94">94</a>
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * The MessageDigest for calculating a new digest for the new dependencies</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> * added.</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">private</strong> MessageDigest sha1 = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L100" href="#L100">100</a>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * Entry point for the analyzer.</em>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * @param engine the engine scanning</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> * @throws AnalysisException if there's a failure during analysis</em>
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> @Override
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="L110" href="#L110">110</a> FileInputStream fis = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L112" href="#L112">112</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(dependency.getActualFile());
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/data/composer/ComposerLockParser.html">ComposerLockParser</a> clp = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/composer/ComposerLockParser.html">ComposerLockParser</a>(fis);
<a class="jxr_linenumber" name="L114" href="#L114">114</a> LOGGER.info(<span class="jxr_string">"Checking composer.lock file {}"</span>, dependency.getActualFilePath());
<a class="jxr_linenumber" name="L115" href="#L115">115</a> clp.process();
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">for</strong> (ComposerDependency dep : clp.getDependencies()) {
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> d = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(dependency.getActualFile());
<a class="jxr_linenumber" name="L118" href="#L118">118</a> d.setDisplayFileName(String.format(<span class="jxr_string">"%s:%s/%s"</span>, dependency.getDisplayFileName(), dep.getGroup(), dep.getProject()));
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <strong class="jxr_keyword">final</strong> String filePath = String.format(<span class="jxr_string">"%s:%s/%s"</span>, dependency.getFilePath(), dep.getGroup(), dep.getProject());
<a class="jxr_linenumber" name="L120" href="#L120">120</a> d.setFilePath(filePath);
<a class="jxr_linenumber" name="L121" href="#L121">121</a> d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
<a class="jxr_linenumber" name="L122" href="#L122">122</a> d.getVendorEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"vendor"</span>, dep.getGroup(), Confidence.HIGHEST);
<a class="jxr_linenumber" name="L123" href="#L123">123</a> d.getProductEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"product"</span>, dep.getProject(), Confidence.HIGHEST);
<a class="jxr_linenumber" name="L124" href="#L124">124</a> d.getVersionEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"version"</span>, dep.getVersion(), Confidence.HIGHEST);
<a class="jxr_linenumber" name="L125" href="#L125">125</a> LOGGER.info(<span class="jxr_string">"Adding dependency {}"</span>, d);
<a class="jxr_linenumber" name="L126" href="#L126">126</a> engine.getDependencies().add(d);
<a class="jxr_linenumber" name="L127" href="#L127">127</a> }
<a class="jxr_linenumber" name="L128" href="#L128">128</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException fnfe) {
<a class="jxr_linenumber" name="L129" href="#L129">129</a> LOGGER.warn(<span class="jxr_string">"Error opening dependency {}"</span>, dependency.getActualFilePath());
<a class="jxr_linenumber" name="L130" href="#L130">130</a> } <strong class="jxr_keyword">catch</strong> (ComposerException ce) {
<a class="jxr_linenumber" name="L131" href="#L131">131</a> LOGGER.warn(<span class="jxr_string">"Error parsing composer.json {}"</span>, dependency.getActualFilePath(), ce);
<a class="jxr_linenumber" name="L132" href="#L132">132</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">if</strong> (fis != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L135" href="#L135">135</a> fis.close();
<a class="jxr_linenumber" name="L136" href="#L136">136</a> } <strong class="jxr_keyword">catch</strong> (Exception e) {
<a class="jxr_linenumber" name="L137" href="#L137">137</a> LOGGER.debug(<span class="jxr_string">"Unable to close file"</span>, e);
<a class="jxr_linenumber" name="L138" href="#L138">138</a> }
<a class="jxr_linenumber" name="L139" href="#L139">139</a> }
<a class="jxr_linenumber" name="L140" href="#L140">140</a> }
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
<a class="jxr_linenumber" name="L142" href="#L142">142</a>
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> * Gets the key to determine whether the analyzer is enabled.</em>
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * @return the key specifying whether the analyzer is enabled</em>
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L148" href="#L148">148</a> @Override
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED;
<a class="jxr_linenumber" name="L151" href="#L151">151</a> }
<a class="jxr_linenumber" name="L152" href="#L152">152</a>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> * Returns the analyzer's name.</em>
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> * @return the analyzer's name</em>
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L158" href="#L158">158</a> @Override
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L161" href="#L161">161</a> }
<a class="jxr_linenumber" name="L162" href="#L162">162</a>
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment"> * Returns the phase this analyzer should run under.</em>
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> * @return the analysis phase</em>
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L168" href="#L168">168</a> @Override
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L171" href="#L171">171</a> }
<a class="jxr_linenumber" name="L172" href="#L172">172</a> }
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * Entry point for the analyzer.</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> * @param engine the engine scanning</em>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> * @throws AnalysisException if there's a failure during analysis</em>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> @Override
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="L104" href="#L104">104</a> FileInputStream fis = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L106" href="#L106">106</a> fis = <strong class="jxr_keyword">new</strong> FileInputStream(dependency.getActualFile());
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/data/composer/ComposerLockParser.html">ComposerLockParser</a> clp = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/composer/ComposerLockParser.html">ComposerLockParser</a>(fis);
<a class="jxr_linenumber" name="L108" href="#L108">108</a> LOGGER.info(<span class="jxr_string">"Checking composer.lock file {}"</span>, dependency.getActualFilePath());
<a class="jxr_linenumber" name="L109" href="#L109">109</a> clp.process();
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <strong class="jxr_keyword">for</strong> (ComposerDependency dep : clp.getDependencies()) {
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> d = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a>(dependency.getActualFile());
<a class="jxr_linenumber" name="L112" href="#L112">112</a> d.setDisplayFileName(String.format(<span class="jxr_string">"%s:%s/%s"</span>, dependency.getDisplayFileName(), dep.getGroup(), dep.getProject()));
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">final</strong> String filePath = String.format(<span class="jxr_string">"%s:%s/%s"</span>, dependency.getFilePath(), dep.getGroup(), dep.getProject());
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">final</strong> MessageDigest sha1 = getSha1MessageDigest();
<a class="jxr_linenumber" name="L115" href="#L115">115</a> d.setFilePath(filePath);
<a class="jxr_linenumber" name="L116" href="#L116">116</a> d.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes(Charset.defaultCharset()))));
<a class="jxr_linenumber" name="L117" href="#L117">117</a> d.getVendorEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"vendor"</span>, dep.getGroup(), Confidence.HIGHEST);
<a class="jxr_linenumber" name="L118" href="#L118">118</a> d.getProductEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"product"</span>, dep.getProject(), Confidence.HIGHEST);
<a class="jxr_linenumber" name="L119" href="#L119">119</a> d.getVersionEvidence().addEvidence(COMPOSER_LOCK, <span class="jxr_string">"version"</span>, dep.getVersion(), Confidence.HIGHEST);
<a class="jxr_linenumber" name="L120" href="#L120">120</a> LOGGER.info(<span class="jxr_string">"Adding dependency {}"</span>, d);
<a class="jxr_linenumber" name="L121" href="#L121">121</a> engine.getDependencies().add(d);
<a class="jxr_linenumber" name="L122" href="#L122">122</a> }
<a class="jxr_linenumber" name="L123" href="#L123">123</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException fnfe) {
<a class="jxr_linenumber" name="L124" href="#L124">124</a> LOGGER.warn(<span class="jxr_string">"Error opening dependency {}"</span>, dependency.getActualFilePath());
<a class="jxr_linenumber" name="L125" href="#L125">125</a> } <strong class="jxr_keyword">catch</strong> (ComposerException ce) {
<a class="jxr_linenumber" name="L126" href="#L126">126</a> LOGGER.warn(<span class="jxr_string">"Error parsing composer.json {}"</span>, dependency.getActualFilePath(), ce);
<a class="jxr_linenumber" name="L127" href="#L127">127</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <strong class="jxr_keyword">if</strong> (fis != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L130" href="#L130">130</a> fis.close();
<a class="jxr_linenumber" name="L131" href="#L131">131</a> } <strong class="jxr_keyword">catch</strong> (Exception e) {
<a class="jxr_linenumber" name="L132" href="#L132">132</a> LOGGER.debug(<span class="jxr_string">"Unable to close file"</span>, e);
<a class="jxr_linenumber" name="L133" href="#L133">133</a> }
<a class="jxr_linenumber" name="L134" href="#L134">134</a> }
<a class="jxr_linenumber" name="L135" href="#L135">135</a> }
<a class="jxr_linenumber" name="L136" href="#L136">136</a> }
<a class="jxr_linenumber" name="L137" href="#L137">137</a>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> * Gets the key to determine whether the analyzer is enabled.</em>
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment"> * @return the key specifying whether the analyzer is enabled</em>
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L143" href="#L143">143</a> @Override
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_COMPOSER_LOCK_ENABLED;
<a class="jxr_linenumber" name="L146" href="#L146">146</a> }
<a class="jxr_linenumber" name="L147" href="#L147">147</a>
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> * Returns the analyzer's name.</em>
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_javadoccomment"> * @return the analyzer's name</em>
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> @Override
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L156" href="#L156">156</a> }
<a class="jxr_linenumber" name="L157" href="#L157">157</a>
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> * Returns the phase this analyzer should run under.</em>
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <em class="jxr_javadoccomment"> * @return the analysis phase</em>
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L163" href="#L163">163</a> @Override
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L166" href="#L166">166</a> }
<a class="jxr_linenumber" name="L167" href="#L167">167</a>
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> * Returns the sha1 message digest.</em>
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> * @return the sha1 message digest</em>
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <strong class="jxr_keyword">private</strong> MessageDigest getSha1MessageDigest() {
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">return</strong> MessageDigest.getInstance(<span class="jxr_string">"SHA1"</span>);
<a class="jxr_linenumber" name="L176" href="#L176">176</a> } <strong class="jxr_keyword">catch</strong> (NoSuchAlgorithmException e) {
<a class="jxr_linenumber" name="L177" href="#L177">177</a> LOGGER.error(e.getMessage());
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalStateException(<span class="jxr_string">"Failed to obtain the SHA1 message digest."</span>, e);
<a class="jxr_linenumber" name="L179" href="#L179">179</a> }
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
<a class="jxr_linenumber" name="L181" href="#L181">181</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

975
xref/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.html
View File

File diff suppressed because it is too large Load Diff

118
xref/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.html
View File

@@ -431,64 +431,66 @@
<a class="jxr_linenumber" name="L423" href="#L423">423</a> String parentPath = dependency.getFilePath().toLowerCase();
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <strong class="jxr_keyword">if</strong> (parentPath.contains(<span class="jxr_string">".jar"</span>)) {
<a class="jxr_linenumber" name="L425" href="#L425">425</a> parentPath = parentPath.substring(0, parentPath.indexOf(<span class="jxr_string">".jar"</span>) + 4);
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> parent = findDependency(parentPath, engine.getDependencies());
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <strong class="jxr_keyword">if</strong> (parent != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <strong class="jxr_keyword">boolean</strong> remove = false;
<a class="jxr_linenumber" name="L429" href="#L429">429</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency.getIdentifiers()) {
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <strong class="jxr_keyword">final</strong> String trimmedCPE = trimCpeToVendor(i.getValue());
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">for</strong> (Identifier parentId : parent.getIdentifiers()) {
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(parentId.getType()) &amp;&amp; parentId.getValue().startsWith(trimmedCPE)) {
<a class="jxr_linenumber" name="L434" href="#L434">434</a> remove |= <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L435" href="#L435">435</a> }
<a class="jxr_linenumber" name="L436" href="#L436">436</a> }
<a class="jxr_linenumber" name="L437" href="#L437">437</a> }
<a class="jxr_linenumber" name="L438" href="#L438">438</a> <strong class="jxr_keyword">if</strong> (!remove) { <em class="jxr_comment">//we can escape early</em>
<a class="jxr_linenumber" name="L439" href="#L439">439</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L440" href="#L440">440</a> }
<a class="jxr_linenumber" name="L441" href="#L441">441</a> }
<a class="jxr_linenumber" name="L442" href="#L442">442</a> <strong class="jxr_keyword">if</strong> (remove) {
<a class="jxr_linenumber" name="L443" href="#L443">443</a> engine.getDependencies().remove(dependency);
<a class="jxr_linenumber" name="L444" href="#L444">444</a> }
<a class="jxr_linenumber" name="L445" href="#L445">445</a> }
<a class="jxr_linenumber" name="L446" href="#L446">446</a> }
<a class="jxr_linenumber" name="L447" href="#L447">447</a>
<a class="jxr_linenumber" name="L448" href="#L448">448</a> }
<a class="jxr_linenumber" name="L449" href="#L449">449</a> }
<a class="jxr_linenumber" name="L450" href="#L450">450</a>
<a class="jxr_linenumber" name="L451" href="#L451">451</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L452" href="#L452">452</a> <em class="jxr_javadoccomment"> * Retrieves a given dependency, based on a given path, from a list of dependencies.</em>
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <em class="jxr_javadoccomment"> * @param dependencyPath the path of the dependency to return</em>
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <em class="jxr_javadoccomment"> * @param dependencies the collection of dependencies to search</em>
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <em class="jxr_javadoccomment"> * @return the dependency object for the given path, otherwise null</em>
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> findDependency(String dependencyPath, List&lt;Dependency&gt; dependencies) {
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <strong class="jxr_keyword">if</strong> (d.getFilePath().equalsIgnoreCase(dependencyPath)) {
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <strong class="jxr_keyword">return</strong> d;
<a class="jxr_linenumber" name="L462" href="#L462">462</a> }
<a class="jxr_linenumber" name="L463" href="#L463">463</a> }
<a class="jxr_linenumber" name="L464" href="#L464">464</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L465" href="#L465">465</a> }
<a class="jxr_linenumber" name="L466" href="#L466">466</a>
<a class="jxr_linenumber" name="L467" href="#L467">467</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L468" href="#L468">468</a> <em class="jxr_javadoccomment"> * Takes a full CPE and returns the CPE trimmed to include only vendor and product.</em>
<a class="jxr_linenumber" name="L469" href="#L469">469</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <em class="jxr_javadoccomment"> * @param value the CPE value to trim</em>
<a class="jxr_linenumber" name="L471" href="#L471">471</a> <em class="jxr_javadoccomment"> * @return a CPE value that only includes the vendor and product</em>
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L473" href="#L473">473</a> <strong class="jxr_keyword">private</strong> String trimCpeToVendor(String value) {
<a class="jxr_linenumber" name="L474" href="#L474">474</a> <em class="jxr_comment">//cpe:/a:jruby:jruby:1.0.8</em>
<a class="jxr_linenumber" name="L475" href="#L475">475</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos1 = value.indexOf(':', 7); <em class="jxr_comment">//right of vendor</em>
<a class="jxr_linenumber" name="L476" href="#L476">476</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos2 = value.indexOf(':', pos1 + 1); <em class="jxr_comment">//right of product</em>
<a class="jxr_linenumber" name="L477" href="#L477">477</a> <strong class="jxr_keyword">if</strong> (pos2 &lt; 0) {
<a class="jxr_linenumber" name="L478" href="#L478">478</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="L479" href="#L479">479</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L480" href="#L480">480</a> <strong class="jxr_keyword">return</strong> value.substring(0, pos2);
<a class="jxr_linenumber" name="L481" href="#L481">481</a> }
<a class="jxr_linenumber" name="L482" href="#L482">482</a> }
<a class="jxr_linenumber" name="L483" href="#L483">483</a> }
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; dependencies = engine.getDependencies();
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <strong class="jxr_keyword">synchronized</strong> (dependencies) {
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> parent = findDependency(parentPath, dependencies);
<a class="jxr_linenumber" name="L429" href="#L429">429</a> <strong class="jxr_keyword">if</strong> (parent != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <strong class="jxr_keyword">boolean</strong> remove = false;
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency.getIdentifiers()) {
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <strong class="jxr_keyword">final</strong> String trimmedCPE = trimCpeToVendor(i.getValue());
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <strong class="jxr_keyword">for</strong> (Identifier parentId : parent.getIdentifiers()) {
<a class="jxr_linenumber" name="L435" href="#L435">435</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(parentId.getType()) &amp;&amp; parentId.getValue().startsWith(trimmedCPE)) {
<a class="jxr_linenumber" name="L436" href="#L436">436</a> remove |= <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L437" href="#L437">437</a> }
<a class="jxr_linenumber" name="L438" href="#L438">438</a> }
<a class="jxr_linenumber" name="L439" href="#L439">439</a> }
<a class="jxr_linenumber" name="L440" href="#L440">440</a> <strong class="jxr_keyword">if</strong> (!remove) { <em class="jxr_comment">//we can escape early</em>
<a class="jxr_linenumber" name="L441" href="#L441">441</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L442" href="#L442">442</a> }
<a class="jxr_linenumber" name="L443" href="#L443">443</a> }
<a class="jxr_linenumber" name="L444" href="#L444">444</a> <strong class="jxr_keyword">if</strong> (remove) {
<a class="jxr_linenumber" name="L445" href="#L445">445</a> dependencies.remove(dependency);
<a class="jxr_linenumber" name="L446" href="#L446">446</a> }
<a class="jxr_linenumber" name="L447" href="#L447">447</a> }
<a class="jxr_linenumber" name="L448" href="#L448">448</a> }
<a class="jxr_linenumber" name="L449" href="#L449">449</a> }
<a class="jxr_linenumber" name="L450" href="#L450">450</a> }
<a class="jxr_linenumber" name="L451" href="#L451">451</a> }
<a class="jxr_linenumber" name="L452" href="#L452">452</a>
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <em class="jxr_javadoccomment"> * Retrieves a given dependency, based on a given path, from a list of dependencies.</em>
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <em class="jxr_javadoccomment"> * @param dependencyPath the path of the dependency to return</em>
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <em class="jxr_javadoccomment"> * @param dependencies the collection of dependencies to search</em>
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <em class="jxr_javadoccomment"> * @return the dependency object for the given path, otherwise null</em>
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> findDependency(String dependencyPath, List&lt;Dependency&gt; dependencies) {
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <strong class="jxr_keyword">if</strong> (d.getFilePath().equalsIgnoreCase(dependencyPath)) {
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <strong class="jxr_keyword">return</strong> d;
<a class="jxr_linenumber" name="L464" href="#L464">464</a> }
<a class="jxr_linenumber" name="L465" href="#L465">465</a> }
<a class="jxr_linenumber" name="L466" href="#L466">466</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L467" href="#L467">467</a> }
<a class="jxr_linenumber" name="L468" href="#L468">468</a>
<a class="jxr_linenumber" name="L469" href="#L469">469</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <em class="jxr_javadoccomment"> * Takes a full CPE and returns the CPE trimmed to include only vendor and product.</em>
<a class="jxr_linenumber" name="L471" href="#L471">471</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <em class="jxr_javadoccomment"> * @param value the CPE value to trim</em>
<a class="jxr_linenumber" name="L473" href="#L473">473</a> <em class="jxr_javadoccomment"> * @return a CPE value that only includes the vendor and product</em>
<a class="jxr_linenumber" name="L474" href="#L474">474</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L475" href="#L475">475</a> <strong class="jxr_keyword">private</strong> String trimCpeToVendor(String value) {
<a class="jxr_linenumber" name="L476" href="#L476">476</a> <em class="jxr_comment">//cpe:/a:jruby:jruby:1.0.8</em>
<a class="jxr_linenumber" name="L477" href="#L477">477</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos1 = value.indexOf(':', 7); <em class="jxr_comment">//right of vendor</em>
<a class="jxr_linenumber" name="L478" href="#L478">478</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos2 = value.indexOf(':', pos1 + 1); <em class="jxr_comment">//right of product</em>
<a class="jxr_linenumber" name="L479" href="#L479">479</a> <strong class="jxr_keyword">if</strong> (pos2 &lt; 0) {
<a class="jxr_linenumber" name="L480" href="#L480">480</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="L481" href="#L481">481</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L482" href="#L482">482</a> <strong class="jxr_keyword">return</strong> value.substring(0, pos2);
<a class="jxr_linenumber" name="L483" href="#L483">483</a> }
<a class="jxr_linenumber" name="L484" href="#L484">484</a> }
<a class="jxr_linenumber" name="L485" href="#L485">485</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

2
xref/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.html
View File

@@ -42,7 +42,7 @@
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment"> * @author Jeremy Long</em>
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/FileNameAnalyzer.html">FileNameAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> {
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/FileNameAnalyzer.html">FileNameAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> {
<a class="jxr_linenumber" name="L38" href="#L38">38</a>
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_comment">//&lt;editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer"&gt;</em>
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment">/**</em>

4
xref/org/owasp/dependencycheck/analyzer/HintAnalyzer.html
View File

@@ -59,7 +59,7 @@
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * @author Jeremy Long</em>
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/HintAnalyzer.html">HintAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> {
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/HintAnalyzer.html">HintAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> {
<a class="jxr_linenumber" name="L55" href="#L55">55</a>
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_comment">//&lt;editor-fold defaultstate="collapsed" desc="All standard implementation details of Analyzer"&gt;</em>
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment">/**</em>
@@ -331,7 +331,7 @@
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L324" href="#L324">324</a> org.apache.commons.io.FileUtils.copyInputStreamToFile(fromClasspath, file);
<a class="jxr_linenumber" name="L325" href="#L325">325</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/xml/hints/HintParseException.html">HintParseException</a>(<span class="jxr_string">"Unable to locate suppressions file in classpath"</span>, ex);
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/xml/hints/HintParseException.html">HintParseException</a>(<span class="jxr_string">"Unable to locate hints file in classpath"</span>, ex);
<a class="jxr_linenumber" name="L327" href="#L327">327</a> }
<a class="jxr_linenumber" name="L328" href="#L328">328</a> }
<a class="jxr_linenumber" name="L329" href="#L329">329</a> } <strong class="jxr_keyword">finally</strong> {

1846
xref/org/owasp/dependencycheck/analyzer/JarAnalyzer.html
View File

File diff suppressed because it is too large Load Diff

371
xref/org/owasp/dependencycheck/analyzer/NexusAnalyzer.html
View File

@@ -95,183 +95,200 @@
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String SUPPORTED_EXTENSIONS = <span class="jxr_string">"jar"</span>;
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> * The Nexus Search to be set up for this analyzer.</em>
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/NexusSearch.html">NexusSearch</a> searcher;
<a class="jxr_linenumber" name="L94" href="#L94">94</a>
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * Field indicating if the analyzer is enabled.</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> enabled = checkEnabled();
<a class="jxr_linenumber" name="L99" href="#L99">99</a>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> * Determines if this analyzer is enabled</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> * @return &lt;code&gt;true&lt;/code&gt; if the analyzer is enabled; otherwise</em>
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> * &lt;code&gt;false&lt;/code&gt;</em>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> checkEnabled() {
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_comment">/* Enable this analyzer ONLY if the Nexus URL has been set to something</em>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_comment"> other than the default one (if it's the default one, we'll use the</em>
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_comment"> central one) and it's enabled by the user.</em>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_comment"> */</em>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <strong class="jxr_keyword">boolean</strong> retval = false;
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">if</strong> (!DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))
<a class="jxr_linenumber" name="L114" href="#L114">114</a> &amp;&amp; Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)) {
<a class="jxr_linenumber" name="L115" href="#L115">115</a> LOGGER.info(<span class="jxr_string">"Enabling Nexus analyzer"</span>);
<a class="jxr_linenumber" name="L116" href="#L116">116</a> retval = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L117" href="#L117">117</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L118" href="#L118">118</a> LOGGER.debug(<span class="jxr_string">"Nexus analyzer disabled, using Central instead"</span>);
<a class="jxr_linenumber" name="L119" href="#L119">119</a> }
<a class="jxr_linenumber" name="L120" href="#L120">120</a> } <strong class="jxr_keyword">catch</strong> (InvalidSettingException ise) {
<a class="jxr_linenumber" name="L121" href="#L121">121</a> LOGGER.warn(<span class="jxr_string">"Invalid setting. Disabling Nexus analyzer"</span>);
<a class="jxr_linenumber" name="L122" href="#L122">122</a> }
<a class="jxr_linenumber" name="L123" href="#L123">123</a>
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">return</strong> retval;
<a class="jxr_linenumber" name="L125" href="#L125">125</a> }
<a class="jxr_linenumber" name="L126" href="#L126">126</a>
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment"> * Determine whether to enable this analyzer or not.</em>
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> * @return whether the analyzer should be enabled</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L132" href="#L132">132</a> @Override
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> isEnabled() {
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">return</strong> enabled;
<a class="jxr_linenumber" name="L135" href="#L135">135</a> }
<a class="jxr_linenumber" name="L136" href="#L136">136</a>
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * Initializes the analyzer once before any analysis is performed.</em>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> * @throws InitializationException if there's an error during initialization</em>
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L142" href="#L142">142</a> @Override
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L144" href="#L144">144</a> LOGGER.debug(<span class="jxr_string">"Initializing Nexus Analyzer"</span>);
<a class="jxr_linenumber" name="L145" href="#L145">145</a> LOGGER.debug(<span class="jxr_string">"Nexus Analyzer enabled: {}"</span>, isEnabled());
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <strong class="jxr_keyword">if</strong> (isEnabled()) {
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">final</strong> String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
<a class="jxr_linenumber" name="L148" href="#L148">148</a> LOGGER.debug(<span class="jxr_string">"Nexus Analyzer URL: {}"</span>, searchUrl);
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L150" href="#L150">150</a> searcher = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/NexusSearch.html">NexusSearch</a>(<strong class="jxr_keyword">new</strong> URL(searchUrl));
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">if</strong> (!searcher.preflightRequest()) {
<a class="jxr_linenumber" name="L152" href="#L152">152</a> setEnabled(false);
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"There was an issue getting Nexus status. Disabling analyzer."</span>);
<a class="jxr_linenumber" name="L154" href="#L154">154</a> }
<a class="jxr_linenumber" name="L155" href="#L155">155</a> } <strong class="jxr_keyword">catch</strong> (MalformedURLException mue) {
<a class="jxr_linenumber" name="L156" href="#L156">156</a> setEnabled(false);
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Malformed URL to Nexus: "</span> + searchUrl, mue);
<a class="jxr_linenumber" name="L158" href="#L158">158</a> }
<a class="jxr_linenumber" name="L159" href="#L159">159</a> }
<a class="jxr_linenumber" name="L160" href="#L160">160</a> }
<a class="jxr_linenumber" name="L161" href="#L161">161</a>
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <em class="jxr_javadoccomment"> * Returns the analyzer's name.</em>
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L167" href="#L167">167</a> @Override
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L170" href="#L170">170</a> }
<a class="jxr_linenumber" name="L171" href="#L171">171</a>
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> * enabled property.</em>
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L178" href="#L178">178</a> @Override
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_NEXUS_ENABLED;
<a class="jxr_linenumber" name="L181" href="#L181">181</a> }
<a class="jxr_linenumber" name="L182" href="#L182">182</a>
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_javadoccomment"> * Returns the analysis phase under which the analyzer runs.</em>
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> * @return the phase under which this analyzer runs</em>
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L188" href="#L188">188</a> @Override
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="L191" href="#L191">191</a> }
<a class="jxr_linenumber" name="L192" href="#L192">192</a>
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
<a class="jxr_linenumber" name="L197" href="#L197">197</a>
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L203" href="#L203">203</a> @Override
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L206" href="#L206">206</a> }
<a class="jxr_linenumber" name="L207" href="#L207">207</a>
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment"> * Performs the analysis.</em>
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_javadoccomment"> * @param engine the engine</em>
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment"> * @throws AnalysisException when there's an exception during analysis</em>
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L215" href="#L215">215</a> @Override
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">if</strong> (!isEnabled()) {
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L219" href="#L219">219</a> }
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/MavenArtifact.html">MavenArtifact</a> ma = searcher.searchSha1(dependency.getSha1sum());
<a class="jxr_linenumber" name="L222" href="#L222">222</a> dependency.addAsEvidence(<span class="jxr_string">"nexus"</span>, ma, Confidence.HIGH);
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">boolean</strong> pomAnalyzed = false;
<a class="jxr_linenumber" name="L224" href="#L224">224</a> LOGGER.debug(<span class="jxr_string">"POM URL {}"</span>, ma.getPomUrl());
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">for</strong> (Evidence e : dependency.getVendorEvidence()) {
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"pom"</span>.equals(e.getSource())) {
<a class="jxr_linenumber" name="L227" href="#L227">227</a> pomAnalyzed = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">break</strong>;
<a class="jxr_linenumber" name="L229" href="#L229">229</a> }
<a class="jxr_linenumber" name="L230" href="#L230">230</a> }
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">if</strong> (!pomAnalyzed &amp;&amp; ma.getPomUrl() != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L232" href="#L232">232</a> File pomFile = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
<a class="jxr_linenumber" name="L235" href="#L235">235</a> pomFile = File.createTempFile(<span class="jxr_string">"pom"</span>, <span class="jxr_string">".xml"</span>, baseDir);
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">if</strong> (!pomFile.delete()) {
<a class="jxr_linenumber" name="L237" href="#L237">237</a> LOGGER.warn(<span class="jxr_string">"Unable to fetch pom.xml for {} from Nexus repository; "</span>
<a class="jxr_linenumber" name="L238" href="#L238">238</a> + <span class="jxr_string">"this could result in undetected CPE/CVEs."</span>, dependency.getFileName());
<a class="jxr_linenumber" name="L239" href="#L239">239</a> LOGGER.debug(<span class="jxr_string">"Unable to delete temp file"</span>);
<a class="jxr_linenumber" name="L240" href="#L240">240</a> }
<a class="jxr_linenumber" name="L241" href="#L241">241</a> LOGGER.debug(<span class="jxr_string">"Downloading {}"</span>, ma.getPomUrl());
<a class="jxr_linenumber" name="L242" href="#L242">242</a> Downloader.fetchFile(<strong class="jxr_keyword">new</strong> URL(ma.getPomUrl()), pomFile);
<a class="jxr_linenumber" name="L243" href="#L243">243</a> PomUtils.analyzePOM(dependency, pomFile);
<a class="jxr_linenumber" name="L244" href="#L244">244</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
<a class="jxr_linenumber" name="L245" href="#L245">245</a> LOGGER.warn(<span class="jxr_string">"Unable to download pom.xml for {} from Nexus repository; "</span>
<a class="jxr_linenumber" name="L246" href="#L246">246</a> + <span class="jxr_string">"this could result in undetected CPE/CVEs."</span>, dependency.getFileName());
<a class="jxr_linenumber" name="L247" href="#L247">247</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">if</strong> (pomFile != <strong class="jxr_keyword">null</strong> &amp;&amp; pomFile.exists() &amp;&amp; !FileUtils.deleteQuietly(pomFile)) {
<a class="jxr_linenumber" name="L249" href="#L249">249</a> LOGGER.debug(<span class="jxr_string">"Failed to delete temporary pom file {}"</span>, pomFile.toString());
<a class="jxr_linenumber" name="L250" href="#L250">250</a> pomFile.deleteOnExit();
<a class="jxr_linenumber" name="L251" href="#L251">251</a> }
<a class="jxr_linenumber" name="L252" href="#L252">252</a> }
<a class="jxr_linenumber" name="L253" href="#L253">253</a> }
<a class="jxr_linenumber" name="L254" href="#L254">254</a> } <strong class="jxr_keyword">catch</strong> (IllegalArgumentException iae) {
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Invalid SHA-1"));</em>
<a class="jxr_linenumber" name="L256" href="#L256">256</a> LOGGER.info(<span class="jxr_string">"invalid sha-1 hash on {}"</span>, dependency.getFileName());
<a class="jxr_linenumber" name="L257" href="#L257">257</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException fnfe) {
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Artifact not found on repository"));</em>
<a class="jxr_linenumber" name="L259" href="#L259">259</a> LOGGER.debug(<span class="jxr_string">"Artifact not found in repository '{}'"</span>, dependency.getFileName());
<a class="jxr_linenumber" name="L260" href="#L260">260</a> LOGGER.debug(fnfe.getMessage(), fnfe);
<a class="jxr_linenumber" name="L261" href="#L261">261</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Could not connect to repository", ioe));</em>
<a class="jxr_linenumber" name="L263" href="#L263">263</a> LOGGER.debug(<span class="jxr_string">"Could not connect to nexus repository"</span>, ioe);
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
<a class="jxr_linenumber" name="L265" href="#L265">265</a> }
<a class="jxr_linenumber" name="L266" href="#L266">266</a> }
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> useProxy;
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> * The Nexus Search to be set up for this analyzer.</em>
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/NexusSearch.html">NexusSearch</a> searcher;
<a class="jxr_linenumber" name="L95" href="#L95">95</a>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> * Field indicating if the analyzer is enabled.</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> enabled = checkEnabled();
<a class="jxr_linenumber" name="L100" href="#L100">100</a>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * Determines if this analyzer is enabled</em>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> * @return &lt;code&gt;true&lt;/code&gt; if the analyzer is enabled; otherwise</em>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> * &lt;code&gt;false&lt;/code&gt;</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> checkEnabled() {
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_comment">/* Enable this analyzer ONLY if the Nexus URL has been set to something</em>
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_comment"> other than the default one (if it's the default one, we'll use the</em>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_comment"> central one) and it's enabled by the user.</em>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_comment"> */</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <strong class="jxr_keyword">boolean</strong> retval = false;
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">if</strong> (!DEFAULT_URL.equals(Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL))
<a class="jxr_linenumber" name="L115" href="#L115">115</a> &amp;&amp; Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_ENABLED)) {
<a class="jxr_linenumber" name="L116" href="#L116">116</a> LOGGER.info(<span class="jxr_string">"Enabling Nexus analyzer"</span>);
<a class="jxr_linenumber" name="L117" href="#L117">117</a> retval = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L118" href="#L118">118</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L119" href="#L119">119</a> LOGGER.debug(<span class="jxr_string">"Nexus analyzer disabled, using Central instead"</span>);
<a class="jxr_linenumber" name="L120" href="#L120">120</a> }
<a class="jxr_linenumber" name="L121" href="#L121">121</a> } <strong class="jxr_keyword">catch</strong> (InvalidSettingException ise) {
<a class="jxr_linenumber" name="L122" href="#L122">122</a> LOGGER.warn(<span class="jxr_string">"Invalid setting. Disabling Nexus analyzer"</span>);
<a class="jxr_linenumber" name="L123" href="#L123">123</a> }
<a class="jxr_linenumber" name="L124" href="#L124">124</a>
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">return</strong> retval;
<a class="jxr_linenumber" name="L126" href="#L126">126</a> }
<a class="jxr_linenumber" name="L127" href="#L127">127</a>
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> * Determine whether to enable this analyzer or not.</em>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> * @return whether the analyzer should be enabled</em>
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L133" href="#L133">133</a> @Override
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">boolean</strong> isEnabled() {
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <strong class="jxr_keyword">return</strong> enabled;
<a class="jxr_linenumber" name="L136" href="#L136">136</a> }
<a class="jxr_linenumber" name="L137" href="#L137">137</a>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> * Initializes the analyzer once before any analysis is performed.</em>
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment"> * @throws InitializationException if there's an error during initialization</em>
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L143" href="#L143">143</a> @Override
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L145" href="#L145">145</a> LOGGER.debug(<span class="jxr_string">"Initializing Nexus Analyzer"</span>);
<a class="jxr_linenumber" name="L146" href="#L146">146</a> LOGGER.debug(<span class="jxr_string">"Nexus Analyzer enabled: {}"</span>, isEnabled());
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">if</strong> (isEnabled()) {
<a class="jxr_linenumber" name="L148" href="#L148">148</a> useProxy = useProxy();
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">final</strong> String searchUrl = Settings.getString(Settings.KEYS.ANALYZER_NEXUS_URL);
<a class="jxr_linenumber" name="L150" href="#L150">150</a> LOGGER.debug(<span class="jxr_string">"Nexus Analyzer URL: {}"</span>, searchUrl);
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L152" href="#L152">152</a> searcher = <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/NexusSearch.html">NexusSearch</a>(<strong class="jxr_keyword">new</strong> URL(searchUrl), useProxy);
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <strong class="jxr_keyword">if</strong> (!searcher.preflightRequest()) {
<a class="jxr_linenumber" name="L154" href="#L154">154</a> setEnabled(false);
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"There was an issue getting Nexus status. Disabling analyzer."</span>);
<a class="jxr_linenumber" name="L156" href="#L156">156</a> }
<a class="jxr_linenumber" name="L157" href="#L157">157</a> } <strong class="jxr_keyword">catch</strong> (MalformedURLException mue) {
<a class="jxr_linenumber" name="L158" href="#L158">158</a> setEnabled(false);
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Malformed URL to Nexus: "</span> + searchUrl, mue);
<a class="jxr_linenumber" name="L160" href="#L160">160</a> }
<a class="jxr_linenumber" name="L161" href="#L161">161</a> }
<a class="jxr_linenumber" name="L162" href="#L162">162</a> }
<a class="jxr_linenumber" name="L163" href="#L163">163</a>
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment"> * Returns the analyzer's name.</em>
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L169" href="#L169">169</a> @Override
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L172" href="#L172">172</a> }
<a class="jxr_linenumber" name="L173" href="#L173">173</a>
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * enabled property.</em>
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L180" href="#L180">180</a> @Override
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_NEXUS_ENABLED;
<a class="jxr_linenumber" name="L183" href="#L183">183</a> }
<a class="jxr_linenumber" name="L184" href="#L184">184</a>
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <em class="jxr_javadoccomment"> * Returns the analysis phase under which the analyzer runs.</em>
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <em class="jxr_javadoccomment"> * @return the phase under which this analyzer runs</em>
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L190" href="#L190">190</a> @Override
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L192" href="#L192">192</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="L193" href="#L193">193</a> }
<a class="jxr_linenumber" name="L194" href="#L194">194</a>
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();
<a class="jxr_linenumber" name="L199" href="#L199">199</a>
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L205" href="#L205">205</a> @Override
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L208" href="#L208">208</a> }
<a class="jxr_linenumber" name="L209" href="#L209">209</a>
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_javadoccomment"> * Performs the analysis.</em>
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment"> * @param dependency the dependency to analyze</em>
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <em class="jxr_javadoccomment"> * @param engine the engine</em>
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <em class="jxr_javadoccomment"> * @throws AnalysisException when there's an exception during analysis</em>
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L217" href="#L217">217</a> @Override
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine) <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">if</strong> (!isEnabled()) {
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L221" href="#L221">221</a> }
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/data/nexus/MavenArtifact.html">MavenArtifact</a> ma = searcher.searchSha1(dependency.getSha1sum());
<a class="jxr_linenumber" name="L224" href="#L224">224</a> dependency.addAsEvidence(<span class="jxr_string">"nexus"</span>, ma, Confidence.HIGH);
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">boolean</strong> pomAnalyzed = false;
<a class="jxr_linenumber" name="L226" href="#L226">226</a> LOGGER.debug(<span class="jxr_string">"POM URL {}"</span>, ma.getPomUrl());
<a class="jxr_linenumber" name="L227" href="#L227">227</a> <strong class="jxr_keyword">for</strong> (Evidence e : dependency.getVendorEvidence()) {
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"pom"</span>.equals(e.getSource())) {
<a class="jxr_linenumber" name="L229" href="#L229">229</a> pomAnalyzed = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L230" href="#L230">230</a> <strong class="jxr_keyword">break</strong>;
<a class="jxr_linenumber" name="L231" href="#L231">231</a> }
<a class="jxr_linenumber" name="L232" href="#L232">232</a> }
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">if</strong> (!pomAnalyzed &amp;&amp; ma.getPomUrl() != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L234" href="#L234">234</a> File pomFile = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L236" href="#L236">236</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
<a class="jxr_linenumber" name="L237" href="#L237">237</a> pomFile = File.createTempFile(<span class="jxr_string">"pom"</span>, <span class="jxr_string">".xml"</span>, baseDir);
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">if</strong> (!pomFile.delete()) {
<a class="jxr_linenumber" name="L239" href="#L239">239</a> LOGGER.warn(<span class="jxr_string">"Unable to fetch pom.xml for {} from Nexus repository; "</span>
<a class="jxr_linenumber" name="L240" href="#L240">240</a> + <span class="jxr_string">"this could result in undetected CPE/CVEs."</span>, dependency.getFileName());
<a class="jxr_linenumber" name="L241" href="#L241">241</a> LOGGER.debug(<span class="jxr_string">"Unable to delete temp file"</span>);
<a class="jxr_linenumber" name="L242" href="#L242">242</a> }
<a class="jxr_linenumber" name="L243" href="#L243">243</a> LOGGER.debug(<span class="jxr_string">"Downloading {}"</span>, ma.getPomUrl());
<a class="jxr_linenumber" name="L244" href="#L244">244</a> Downloader.fetchFile(<strong class="jxr_keyword">new</strong> URL(ma.getPomUrl()), pomFile);
<a class="jxr_linenumber" name="L245" href="#L245">245</a> PomUtils.analyzePOM(dependency, pomFile);
<a class="jxr_linenumber" name="L246" href="#L246">246</a> } <strong class="jxr_keyword">catch</strong> (DownloadFailedException ex) {
<a class="jxr_linenumber" name="L247" href="#L247">247</a> LOGGER.warn(<span class="jxr_string">"Unable to download pom.xml for {} from Nexus repository; "</span>
<a class="jxr_linenumber" name="L248" href="#L248">248</a> + <span class="jxr_string">"this could result in undetected CPE/CVEs."</span>, dependency.getFileName());
<a class="jxr_linenumber" name="L249" href="#L249">249</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <strong class="jxr_keyword">if</strong> (pomFile != <strong class="jxr_keyword">null</strong> &amp;&amp; pomFile.exists() &amp;&amp; !FileUtils.deleteQuietly(pomFile)) {
<a class="jxr_linenumber" name="L251" href="#L251">251</a> LOGGER.debug(<span class="jxr_string">"Failed to delete temporary pom file {}"</span>, pomFile.toString());
<a class="jxr_linenumber" name="L252" href="#L252">252</a> pomFile.deleteOnExit();
<a class="jxr_linenumber" name="L253" href="#L253">253</a> }
<a class="jxr_linenumber" name="L254" href="#L254">254</a> }
<a class="jxr_linenumber" name="L255" href="#L255">255</a> }
<a class="jxr_linenumber" name="L256" href="#L256">256</a> } <strong class="jxr_keyword">catch</strong> (IllegalArgumentException iae) {
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Invalid SHA-1"));</em>
<a class="jxr_linenumber" name="L258" href="#L258">258</a> LOGGER.info(<span class="jxr_string">"invalid sha-1 hash on {}"</span>, dependency.getFileName());
<a class="jxr_linenumber" name="L259" href="#L259">259</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException fnfe) {
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Artifact not found on repository"));</em>
<a class="jxr_linenumber" name="L261" href="#L261">261</a> LOGGER.debug(<span class="jxr_string">"Artifact not found in repository '{}'"</span>, dependency.getFileName());
<a class="jxr_linenumber" name="L262" href="#L262">262</a> LOGGER.debug(fnfe.getMessage(), fnfe);
<a class="jxr_linenumber" name="L263" href="#L263">263</a> } <strong class="jxr_keyword">catch</strong> (IOException ioe) {
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <em class="jxr_comment">//dependency.addAnalysisException(new AnalysisException("Could not connect to repository", ioe));</em>
<a class="jxr_linenumber" name="L265" href="#L265">265</a> LOGGER.debug(<span class="jxr_string">"Could not connect to nexus repository"</span>, ioe);
<a class="jxr_linenumber" name="L266" href="#L266">266</a> }
<a class="jxr_linenumber" name="L267" href="#L267">267</a> }
<a class="jxr_linenumber" name="L268" href="#L268">268</a>
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_javadoccomment"> * Determine if a proxy should be used.</em>
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> * @return {@code true} if a proxy should be used</em>
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">boolean</strong> useProxy() {
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">return</strong> Settings.getString(Settings.KEYS.PROXY_SERVER) != <strong class="jxr_keyword">null</strong>
<a class="jxr_linenumber" name="L277" href="#L277">277</a> &amp;&amp; Settings.getBoolean(Settings.KEYS.ANALYZER_NEXUS_USES_PROXY);
<a class="jxr_linenumber" name="L278" href="#L278">278</a> } <strong class="jxr_keyword">catch</strong> (InvalidSettingException ise) {
<a class="jxr_linenumber" name="L279" href="#L279">279</a> LOGGER.warn(<span class="jxr_string">"Failed to parse proxy settings."</span>, ise);
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <strong class="jxr_keyword">return</strong> false;
<a class="jxr_linenumber" name="L281" href="#L281">281</a> }
<a class="jxr_linenumber" name="L282" href="#L282">282</a> }
<a class="jxr_linenumber" name="L283" href="#L283">283</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

2
xref/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.html
View File

@@ -44,7 +44,7 @@
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * @author Jeremy Long</em>
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.html">NvdCveAnalyzer</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/Analyzer.html">Analyzer</a> {
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.html">NvdCveAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractAnalyzer.html">AbstractAnalyzer</a> {
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * The Logger for use throughout the class</em>
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> */</em>

717
xref/org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.html
View File

@@ -53,363 +53,366 @@
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.FileUtils;
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.Settings;
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.utils.UrlStringUtils;
<a class="jxr_linenumber" name="L48" href="#L48">48</a>
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> * Used to analyze a Wheel or egg distribution files, or their contents in</em>
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * unzipped form, and collect information that can be used to determine the</em>
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * associated CPE.</em>
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L56" href="#L56">56</a> @Experimental
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.html">PythonDistributionAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
<a class="jxr_linenumber" name="L58" href="#L58">58</a>
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment"> * Name of egg metadata files to analyze.</em>
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PKG_INFO = <span class="jxr_string">"PKG-INFO"</span>;
<a class="jxr_linenumber" name="L63" href="#L63">63</a>
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment"> * Name of wheel metadata files to analyze.</em>
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String METADATA = <span class="jxr_string">"METADATA"</span>;
<a class="jxr_linenumber" name="L68" href="#L68">68</a>
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> * The logger.</em>
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory
<a class="jxr_linenumber" name="L73" href="#L73">73</a> .getLogger(PythonDistributionAnalyzer.<strong class="jxr_keyword">class</strong>);
<a class="jxr_linenumber" name="L74" href="#L74">74</a>
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * The count of directories created during analysis. This is used for</em>
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * creating temporary directories.</em>
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">int</strong> dirCount = 0;
<a class="jxr_linenumber" name="L80" href="#L80">80</a>
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Python Distribution Analyzer"</span>;
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String[] EXTENSIONS = {<span class="jxr_string">"whl"</span>, <span class="jxr_string">"egg"</span>, <span class="jxr_string">"zip"</span>};
<a class="jxr_linenumber" name="L94" href="#L94">94</a>
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * Used to match on egg archive candidate extensions.</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter EGG_OR_ZIP = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">"egg"</span>, <span class="jxr_string">"zip"</span>).build();
<a class="jxr_linenumber" name="L99" href="#L99">99</a>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> * Used to detect files with a .whl extension.</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter WHL_FILTER = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">"whl"</span>).build();
<a class="jxr_linenumber" name="L104" href="#L104">104</a>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> * The parent directory for the individual directories per archive.</em>
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">private</strong> File tempFileLocation;
<a class="jxr_linenumber" name="L109" href="#L109">109</a>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> * Filter that detects *.dist-info files (but doesn't verify they are</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> * directories.</em>
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FilenameFilter DIST_INFO_FILTER = <strong class="jxr_keyword">new</strong> SuffixFileFilter(
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <span class="jxr_string">".dist-info"</span>);
<a class="jxr_linenumber" name="L116" href="#L116">116</a>
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment"> * Filter that detects files named "METADATA".</em>
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FilenameFilter EGG_INFO_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <span class="jxr_string">"EGG-INFO"</span>);
<a class="jxr_linenumber" name="L122" href="#L122">122</a>
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment"> * Filter that detects files named "METADATA".</em>
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter METADATA_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
<a class="jxr_linenumber" name="L127" href="#L127">127</a> METADATA);
<a class="jxr_linenumber" name="L128" href="#L128">128</a>
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> * Filter that detects files named "PKG-INFO".</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter PKG_INFO_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
<a class="jxr_linenumber" name="L133" href="#L133">133</a> PKG_INFO);
<a class="jxr_linenumber" name="L134" href="#L134">134</a>
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addFileFilters(
<a class="jxr_linenumber" name="L139" href="#L139">139</a> METADATA_FILTER, PKG_INFO_FILTER).addExtensions(EXTENSIONS).build();
<a class="jxr_linenumber" name="L140" href="#L140">140</a>
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L146" href="#L146">146</a> @Override
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L149" href="#L149">149</a> }
<a class="jxr_linenumber" name="L150" href="#L150">150</a>
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L156" href="#L156">156</a> @Override
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L159" href="#L159">159</a> }
<a class="jxr_linenumber" name="L160" href="#L160">160</a>
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L166" href="#L166">166</a> @Override
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="L169" href="#L169">169</a> }
<a class="jxr_linenumber" name="L170" href="#L170">170</a>
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> * enabled property.</em>
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L177" href="#L177">177</a> @Override
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
<a class="jxr_linenumber" name="L180" href="#L180">180</a> }
<a class="jxr_linenumber" name="L181" href="#L181">181</a>
<a class="jxr_linenumber" name="L182" href="#L182">182</a> @Override
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">final</strong> File actualFile = dependency.getActualFile();
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">if</strong> (WHL_FILTER.accept(actualFile)) {
<a class="jxr_linenumber" name="L187" href="#L187">187</a> collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER,
<a class="jxr_linenumber" name="L188" href="#L188">188</a> METADATA_FILTER);
<a class="jxr_linenumber" name="L189" href="#L189">189</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (EGG_OR_ZIP.accept(actualFile)) {
<a class="jxr_linenumber" name="L190" href="#L190">190</a> collectMetadataFromArchiveFormat(dependency, EGG_INFO_FILTER,
<a class="jxr_linenumber" name="L191" href="#L191">191</a> PKG_INFO_FILTER);
<a class="jxr_linenumber" name="L192" href="#L192">192</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L193" href="#L193">193</a> <strong class="jxr_keyword">final</strong> String name = actualFile.getName();
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> metadata = METADATA.equals(name);
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">if</strong> (metadata || PKG_INFO.equals(name)) {
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">final</strong> File parent = actualFile.getParentFile();
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
<a class="jxr_linenumber" name="L198" href="#L198">198</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/"</span> + name);
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <strong class="jxr_keyword">if</strong> (parent.isDirectory()
<a class="jxr_linenumber" name="L200" href="#L200">200</a> &amp;&amp; (metadata &amp;&amp; parentName.endsWith(<span class="jxr_string">".dist-info"</span>)
<a class="jxr_linenumber" name="L201" href="#L201">201</a> || parentName.endsWith(<span class="jxr_string">".egg-info"</span>) || <span class="jxr_string">"EGG-INFO"</span>
<a class="jxr_linenumber" name="L202" href="#L202">202</a> .equals(parentName))) {
<a class="jxr_linenumber" name="L203" href="#L203">203</a> collectWheelMetadata(dependency, actualFile);
<a class="jxr_linenumber" name="L204" href="#L204">204</a> }
<a class="jxr_linenumber" name="L205" href="#L205">205</a> }
<a class="jxr_linenumber" name="L206" href="#L206">206</a> }
<a class="jxr_linenumber" name="L207" href="#L207">207</a> }
<a class="jxr_linenumber" name="L208" href="#L208">208</a>
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment"> * Collects the meta data from an archive.</em>
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_javadoccomment"> * @param dependency the archive being scanned</em>
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment"> * @param folderFilter the filter to apply to the folder</em>
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <em class="jxr_javadoccomment"> * @param metadataFilter the filter to apply to the meta data</em>
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown when there is a problem analyzing the</em>
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment"> * dependency</em>
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> collectMetadataFromArchiveFormat(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency,
<a class="jxr_linenumber" name="L219" href="#L219">219</a> FilenameFilter folderFilter, FilenameFilter metadataFilter)
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">final</strong> File temp = getNextTempDirectory();
<a class="jxr_linenumber" name="L222" href="#L222">222</a> LOGGER.debug(<span class="jxr_string">"{} exists? {}"</span>, temp, temp.exists());
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L224" href="#L224">224</a> ExtractionUtil.extractFilesUsingFilter(
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">new</strong> File(dependency.getActualFilePath()), temp,
<a class="jxr_linenumber" name="L226" href="#L226">226</a> metadataFilter);
<a class="jxr_linenumber" name="L227" href="#L227">227</a> } <strong class="jxr_keyword">catch</strong> (ExtractionException ex) {
<a class="jxr_linenumber" name="L228" href="#L228">228</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(ex);
<a class="jxr_linenumber" name="L229" href="#L229">229</a> }
<a class="jxr_linenumber" name="L230" href="#L230">230</a>
<a class="jxr_linenumber" name="L231" href="#L231">231</a> File matchingFile = getMatchingFile(temp, folderFilter);
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <strong class="jxr_keyword">if</strong> (matchingFile != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L233" href="#L233">233</a> matchingFile = getMatchingFile(matchingFile, metadataFilter);
<a class="jxr_linenumber" name="L234" href="#L234">234</a> <strong class="jxr_keyword">if</strong> (matchingFile != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L235" href="#L235">235</a> collectWheelMetadata(dependency, matchingFile);
<a class="jxr_linenumber" name="L236" href="#L236">236</a> }
<a class="jxr_linenumber" name="L237" href="#L237">237</a> }
<a class="jxr_linenumber" name="L238" href="#L238">238</a> }
<a class="jxr_linenumber" name="L239" href="#L239">239</a>
<a class="jxr_linenumber" name="L240" href="#L240">240</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <em class="jxr_javadoccomment"> * Makes sure a usable temporary directory is available.</em>
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <em class="jxr_javadoccomment"> * @throws InitializationException an AnalyzeException is thrown when the</em>
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <em class="jxr_javadoccomment"> * temp directory cannot be created</em>
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L246" href="#L246">246</a> @Override
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
<a class="jxr_linenumber" name="L250" href="#L250">250</a> tempFileLocation = File.createTempFile(<span class="jxr_string">"check"</span>, <span class="jxr_string">"tmp"</span>, baseDir);
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.delete()) {
<a class="jxr_linenumber" name="L252" href="#L252">252</a> setEnabled(false);
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <strong class="jxr_keyword">final</strong> String msg = String.format(
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <span class="jxr_string">"Unable to delete temporary file '%s'."</span>,
<a class="jxr_linenumber" name="L255" href="#L255">255</a> tempFileLocation.getAbsolutePath());
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(msg);
<a class="jxr_linenumber" name="L257" href="#L257">257</a> }
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.mkdirs()) {
<a class="jxr_linenumber" name="L259" href="#L259">259</a> setEnabled(false);
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <strong class="jxr_keyword">final</strong> String msg = String.format(
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <span class="jxr_string">"Unable to create directory '%s'."</span>,
<a class="jxr_linenumber" name="L262" href="#L262">262</a> tempFileLocation.getAbsolutePath());
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(msg);
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
<a class="jxr_linenumber" name="L265" href="#L265">265</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L266" href="#L266">266</a> setEnabled(false);
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Unable to create a temporary file"</span>, ex);
<a class="jxr_linenumber" name="L268" href="#L268">268</a> }
<a class="jxr_linenumber" name="L269" href="#L269">269</a> }
<a class="jxr_linenumber" name="L270" href="#L270">270</a>
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> * Deletes any files extracted from the Wheel during analysis.</em>
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L274" href="#L274">274</a> @Override
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() {
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">if</strong> (tempFileLocation != <strong class="jxr_keyword">null</strong> &amp;&amp; tempFileLocation.exists()) {
<a class="jxr_linenumber" name="L277" href="#L277">277</a> LOGGER.debug(<span class="jxr_string">"Attempting to delete temporary files"</span>);
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> success = FileUtils.delete(tempFileLocation);
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <strong class="jxr_keyword">if</strong> (!success) {
<a class="jxr_linenumber" name="L280" href="#L280">280</a> LOGGER.warn(
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <span class="jxr_string">"Failed to delete some temporary files, see the log for more details"</span>);
<a class="jxr_linenumber" name="L282" href="#L282">282</a> }
<a class="jxr_linenumber" name="L283" href="#L283">283</a> }
<a class="jxr_linenumber" name="L284" href="#L284">284</a> }
<a class="jxr_linenumber" name="L285" href="#L285">285</a>
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <em class="jxr_javadoccomment"> * Gathers evidence from the METADATA file.</em>
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <em class="jxr_javadoccomment"> * @param file a reference to the manifest/properties file</em>
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> collectWheelMetadata(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, File file) {
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <strong class="jxr_keyword">final</strong> InternetHeaders headers = getManifestProperties(file);
<a class="jxr_linenumber" name="L294" href="#L294">294</a> addPropertyToEvidence(headers, dependency.getVersionEvidence(),
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <span class="jxr_string">"Version"</span>, Confidence.HIGHEST);
<a class="jxr_linenumber" name="L296" href="#L296">296</a> addPropertyToEvidence(headers, dependency.getProductEvidence(), <span class="jxr_string">"Name"</span>,
<a class="jxr_linenumber" name="L297" href="#L297">297</a> Confidence.HIGHEST);
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <strong class="jxr_keyword">final</strong> String url = headers.getHeader(<span class="jxr_string">"Home-page"</span>, <strong class="jxr_keyword">null</strong>);
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
<a class="jxr_linenumber" name="L300" href="#L300">300</a> .getVendorEvidence();
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(url)) {
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
<a class="jxr_linenumber" name="L303" href="#L303">303</a> vendorEvidence.addEvidence(METADATA, <span class="jxr_string">"vendor"</span>, url,
<a class="jxr_linenumber" name="L304" href="#L304">304</a> Confidence.MEDIUM);
<a class="jxr_linenumber" name="L305" href="#L305">305</a> }
<a class="jxr_linenumber" name="L306" href="#L306">306</a> }
<a class="jxr_linenumber" name="L307" href="#L307">307</a> addPropertyToEvidence(headers, vendorEvidence, <span class="jxr_string">"Author"</span>, Confidence.LOW);
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">final</strong> String summary = headers.getHeader(<span class="jxr_string">"Summary"</span>, <strong class="jxr_keyword">null</strong>);
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(summary)) {
<a class="jxr_linenumber" name="L310" href="#L310">310</a> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">JarAnalyzer</a>
<a class="jxr_linenumber" name="L311" href="#L311">311</a> .addDescription(dependency, summary, METADATA, <span class="jxr_string">"summary"</span>);
<a class="jxr_linenumber" name="L312" href="#L312">312</a> }
<a class="jxr_linenumber" name="L313" href="#L313">313</a> }
<a class="jxr_linenumber" name="L314" href="#L314">314</a>
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <em class="jxr_javadoccomment"> * Adds a value to the evidence collection.</em>
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <em class="jxr_javadoccomment"> * @param headers the properties collection</em>
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add the value</em>
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <em class="jxr_javadoccomment"> * @param property the property name</em>
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <em class="jxr_javadoccomment"> * @param confidence the confidence of the evidence</em>
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> addPropertyToEvidence(InternetHeaders headers,
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String property, <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <strong class="jxr_keyword">final</strong> String value = headers.getHeader(property, <strong class="jxr_keyword">null</strong>);
<a class="jxr_linenumber" name="L326" href="#L326">326</a> LOGGER.debug(<span class="jxr_string">"Property: {}, Value: {}"</span>, property, value);
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(value)) {
<a class="jxr_linenumber" name="L328" href="#L328">328</a> evidence.addEvidence(METADATA, property, value, confidence);
<a class="jxr_linenumber" name="L329" href="#L329">329</a> }
<a class="jxr_linenumber" name="L330" href="#L330">330</a> }
<a class="jxr_linenumber" name="L331" href="#L331">331</a>
<a class="jxr_linenumber" name="L332" href="#L332">332</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L333" href="#L333">333</a> <em class="jxr_javadoccomment"> * Returns a list of files that match the given filter, this does not</em>
<a class="jxr_linenumber" name="L334" href="#L334">334</a> <em class="jxr_javadoccomment"> * recursively scan the directory.</em>
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <em class="jxr_javadoccomment"> * @param folder the folder to filter</em>
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <em class="jxr_javadoccomment"> * @param filter the filter to apply to the files in the directory</em>
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <em class="jxr_javadoccomment"> * @return the list of Files in the directory that match the provided filter</em>
<a class="jxr_linenumber" name="L339" href="#L339">339</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> File getMatchingFile(File folder, FilenameFilter filter) {
<a class="jxr_linenumber" name="L341" href="#L341">341</a> File result = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L342" href="#L342">342</a> <strong class="jxr_keyword">final</strong> File[] matches = folder.listFiles(filter);
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matches &amp;&amp; 1 == matches.length) {
<a class="jxr_linenumber" name="L344" href="#L344">344</a> result = matches[0];
<a class="jxr_linenumber" name="L345" href="#L345">345</a> }
<a class="jxr_linenumber" name="L346" href="#L346">346</a> <strong class="jxr_keyword">return</strong> result;
<a class="jxr_linenumber" name="L347" href="#L347">347</a> }
<a class="jxr_linenumber" name="L348" href="#L348">348</a>
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L350" href="#L350">350</a> <em class="jxr_javadoccomment"> * Reads the manifest entries from the provided file.</em>
<a class="jxr_linenumber" name="L351" href="#L351">351</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <em class="jxr_javadoccomment"> * @param manifest the manifest</em>
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment"> * @return the manifest entries</em>
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> InternetHeaders getManifestProperties(File manifest) {
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <strong class="jxr_keyword">final</strong> InternetHeaders result = <strong class="jxr_keyword">new</strong> InternetHeaders();
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> == manifest) {
<a class="jxr_linenumber" name="L358" href="#L358">358</a> LOGGER.debug(<span class="jxr_string">"Manifest file not found."</span>);
<a class="jxr_linenumber" name="L359" href="#L359">359</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L360" href="#L360">360</a> InputStream in = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L361" href="#L361">361</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L362" href="#L362">362</a> in = <strong class="jxr_keyword">new</strong> BufferedInputStream(<strong class="jxr_keyword">new</strong> FileInputStream(manifest));
<a class="jxr_linenumber" name="L363" href="#L363">363</a> result.load(in);
<a class="jxr_linenumber" name="L364" href="#L364">364</a> } <strong class="jxr_keyword">catch</strong> (MessagingException e) {
<a class="jxr_linenumber" name="L365" href="#L365">365</a> LOGGER.warn(e.getMessage(), e);
<a class="jxr_linenumber" name="L366" href="#L366">366</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException e) {
<a class="jxr_linenumber" name="L367" href="#L367">367</a> LOGGER.warn(e.getMessage(), e);
<a class="jxr_linenumber" name="L368" href="#L368">368</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L369" href="#L369">369</a> <strong class="jxr_keyword">if</strong> (in != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L370" href="#L370">370</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L371" href="#L371">371</a> in.close();
<a class="jxr_linenumber" name="L372" href="#L372">372</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L373" href="#L373">373</a> LOGGER.debug(<span class="jxr_string">"failed to close input stream"</span>, ex);
<a class="jxr_linenumber" name="L374" href="#L374">374</a> }
<a class="jxr_linenumber" name="L375" href="#L375">375</a> }
<a class="jxr_linenumber" name="L376" href="#L376">376</a> }
<a class="jxr_linenumber" name="L377" href="#L377">377</a> }
<a class="jxr_linenumber" name="L378" href="#L378">378</a> <strong class="jxr_keyword">return</strong> result;
<a class="jxr_linenumber" name="L379" href="#L379">379</a> }
<a class="jxr_linenumber" name="L380" href="#L380">380</a>
<a class="jxr_linenumber" name="L381" href="#L381">381</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L382" href="#L382">382</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary destination directory for extracting an</em>
<a class="jxr_linenumber" name="L383" href="#L383">383</a> <em class="jxr_javadoccomment"> * archive.</em>
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L385" href="#L385">385</a> <em class="jxr_javadoccomment"> * @return a directory</em>
<a class="jxr_linenumber" name="L386" href="#L386">386</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
<a class="jxr_linenumber" name="L387" href="#L387">387</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L388" href="#L388">388</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="L389" href="#L389">389</a> File directory;
<a class="jxr_linenumber" name="L390" href="#L390">390</a>
<a class="jxr_linenumber" name="L391" href="#L391">391</a> <em class="jxr_comment">// getting an exception for some directories not being able to be</em>
<a class="jxr_linenumber" name="L392" href="#L392">392</a> <em class="jxr_comment">// created; might be because the directory already exists?</em>
<a class="jxr_linenumber" name="L393" href="#L393">393</a> <strong class="jxr_keyword">do</strong> {
<a class="jxr_linenumber" name="L394" href="#L394">394</a> dirCount += 1;
<a class="jxr_linenumber" name="L395" href="#L395">395</a> directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
<a class="jxr_linenumber" name="L396" href="#L396">396</a> } <strong class="jxr_keyword">while</strong> (directory.exists());
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
<a class="jxr_linenumber" name="L398" href="#L398">398</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(String.format(
<a class="jxr_linenumber" name="L399" href="#L399">399</a> <span class="jxr_string">"Unable to create temp directory '%s'."</span>,
<a class="jxr_linenumber" name="L400" href="#L400">400</a> directory.getAbsolutePath()));
<a class="jxr_linenumber" name="L401" href="#L401">401</a> }
<a class="jxr_linenumber" name="L402" href="#L402">402</a> <strong class="jxr_keyword">return</strong> directory;
<a class="jxr_linenumber" name="L403" href="#L403">403</a> }
<a class="jxr_linenumber" name="L404" href="#L404">404</a> }
<a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">import</strong> java.util.concurrent.atomic.AtomicInteger;
<a class="jxr_linenumber" name="L49" href="#L49">49</a>
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> * Used to analyze a Wheel or egg distribution files, or their contents in</em>
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * unzipped form, and collect information that can be used to determine the</em>
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * associated CPE.</em>
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L57" href="#L57">57</a> @Experimental
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/PythonDistributionAnalyzer.html">PythonDistributionAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
<a class="jxr_linenumber" name="L59" href="#L59">59</a>
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> * Name of egg metadata files to analyze.</em>
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String PKG_INFO = <span class="jxr_string">"PKG-INFO"</span>;
<a class="jxr_linenumber" name="L64" href="#L64">64</a>
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment"> * Name of wheel metadata files to analyze.</em>
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String METADATA = <span class="jxr_string">"METADATA"</span>;
<a class="jxr_linenumber" name="L69" href="#L69">69</a>
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <em class="jxr_javadoccomment"> * The logger.</em>
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Logger LOGGER = LoggerFactory
<a class="jxr_linenumber" name="L74" href="#L74">74</a> .getLogger(PythonDistributionAnalyzer.<strong class="jxr_keyword">class</strong>);
<a class="jxr_linenumber" name="L75" href="#L75">75</a>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> * The count of directories created during analysis. This is used for</em>
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment"> * creating temporary directories.</em>
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> AtomicInteger DIR_COUNT = <strong class="jxr_keyword">new</strong> AtomicInteger(0);
<a class="jxr_linenumber" name="L81" href="#L81">81</a>
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment"> * The name of the analyzer.</em>
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String ANALYZER_NAME = <span class="jxr_string">"Python Distribution Analyzer"</span>;
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> * The phase that this analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L90" href="#L90">90</a>
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> * The set of file extensions supported by this analyzer.</em>
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String[] EXTENSIONS = {<span class="jxr_string">"whl"</span>, <span class="jxr_string">"egg"</span>, <span class="jxr_string">"zip"</span>};
<a class="jxr_linenumber" name="L95" href="#L95">95</a>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> * Used to match on egg archive candidate extensions.</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter EGG_OR_ZIP = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">"egg"</span>, <span class="jxr_string">"zip"</span>).build();
<a class="jxr_linenumber" name="L100" href="#L100">100</a>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> * Used to detect files with a .whl extension.</em>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter WHL_FILTER = FileFilterBuilder.newInstance().addExtensions(<span class="jxr_string">"whl"</span>).build();
<a class="jxr_linenumber" name="L105" href="#L105">105</a>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> * The parent directory for the individual directories per archive.</em>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <strong class="jxr_keyword">private</strong> File tempFileLocation;
<a class="jxr_linenumber" name="L110" href="#L110">110</a>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> * Filter that detects *.dist-info files (but doesn't verify they are</em>
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> * directories.</em>
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FilenameFilter DIST_INFO_FILTER = <strong class="jxr_keyword">new</strong> SuffixFileFilter(
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <span class="jxr_string">".dist-info"</span>);
<a class="jxr_linenumber" name="L117" href="#L117">117</a>
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> * Filter that detects files named "METADATA".</em>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FilenameFilter EGG_INFO_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <span class="jxr_string">"EGG-INFO"</span>);
<a class="jxr_linenumber" name="L123" href="#L123">123</a>
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <em class="jxr_javadoccomment"> * Filter that detects files named "METADATA".</em>
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter METADATA_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
<a class="jxr_linenumber" name="L128" href="#L128">128</a> METADATA);
<a class="jxr_linenumber" name="L129" href="#L129">129</a>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> * Filter that detects files named "PKG-INFO".</em>
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> NameFileFilter PKG_INFO_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(
<a class="jxr_linenumber" name="L134" href="#L134">134</a> PKG_INFO);
<a class="jxr_linenumber" name="L135" href="#L135">135</a>
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addFileFilters(
<a class="jxr_linenumber" name="L140" href="#L140">140</a> METADATA_FILTER, PKG_INFO_FILTER).addExtensions(EXTENSIONS).build();
<a class="jxr_linenumber" name="L141" href="#L141">141</a>
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L147" href="#L147">147</a> @Override
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L150" href="#L150">150</a> }
<a class="jxr_linenumber" name="L151" href="#L151">151</a>
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment"> * Returns the name of the analyzer.</em>
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer.</em>
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L157" href="#L157">157</a> @Override
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">return</strong> ANALYZER_NAME;
<a class="jxr_linenumber" name="L160" href="#L160">160</a> }
<a class="jxr_linenumber" name="L161" href="#L161">161</a>
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L163" href="#L163">163</a> <em class="jxr_javadoccomment"> * Returns the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L164" href="#L164">164</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment"> * @return the phase that the analyzer is intended to run in.</em>
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L167" href="#L167">167</a> @Override
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <strong class="jxr_keyword">return</strong> ANALYSIS_PHASE;
<a class="jxr_linenumber" name="L170" href="#L170">170</a> }
<a class="jxr_linenumber" name="L171" href="#L171">171</a>
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> * Returns the key used in the properties file to reference the analyzer's</em>
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> * enabled property.</em>
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <em class="jxr_javadoccomment"> * @return the analyzer's enabled property setting key</em>
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L178" href="#L178">178</a> @Override
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED;
<a class="jxr_linenumber" name="L181" href="#L181">181</a> }
<a class="jxr_linenumber" name="L182" href="#L182">182</a>
<a class="jxr_linenumber" name="L183" href="#L183">183</a> @Override
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L186" href="#L186">186</a> <strong class="jxr_keyword">final</strong> File actualFile = dependency.getActualFile();
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">if</strong> (WHL_FILTER.accept(actualFile)) {
<a class="jxr_linenumber" name="L188" href="#L188">188</a> collectMetadataFromArchiveFormat(dependency, DIST_INFO_FILTER,
<a class="jxr_linenumber" name="L189" href="#L189">189</a> METADATA_FILTER);
<a class="jxr_linenumber" name="L190" href="#L190">190</a> } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (EGG_OR_ZIP.accept(actualFile)) {
<a class="jxr_linenumber" name="L191" href="#L191">191</a> collectMetadataFromArchiveFormat(dependency, EGG_INFO_FILTER,
<a class="jxr_linenumber" name="L192" href="#L192">192</a> PKG_INFO_FILTER);
<a class="jxr_linenumber" name="L193" href="#L193">193</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L194" href="#L194">194</a> <strong class="jxr_keyword">final</strong> String name = actualFile.getName();
<a class="jxr_linenumber" name="L195" href="#L195">195</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> metadata = METADATA.equals(name);
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <strong class="jxr_keyword">if</strong> (metadata || PKG_INFO.equals(name)) {
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">final</strong> File parent = actualFile.getParentFile();
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
<a class="jxr_linenumber" name="L199" href="#L199">199</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/"</span> + name);
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <strong class="jxr_keyword">if</strong> (parent.isDirectory()
<a class="jxr_linenumber" name="L201" href="#L201">201</a> &amp;&amp; (metadata &amp;&amp; parentName.endsWith(<span class="jxr_string">".dist-info"</span>)
<a class="jxr_linenumber" name="L202" href="#L202">202</a> || parentName.endsWith(<span class="jxr_string">".egg-info"</span>) || <span class="jxr_string">"EGG-INFO"</span>
<a class="jxr_linenumber" name="L203" href="#L203">203</a> .equals(parentName))) {
<a class="jxr_linenumber" name="L204" href="#L204">204</a> collectWheelMetadata(dependency, actualFile);
<a class="jxr_linenumber" name="L205" href="#L205">205</a> }
<a class="jxr_linenumber" name="L206" href="#L206">206</a> }
<a class="jxr_linenumber" name="L207" href="#L207">207</a> }
<a class="jxr_linenumber" name="L208" href="#L208">208</a> }
<a class="jxr_linenumber" name="L209" href="#L209">209</a>
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_javadoccomment"> * Collects the meta data from an archive.</em>
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment"> * @param dependency the archive being scanned</em>
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <em class="jxr_javadoccomment"> * @param folderFilter the filter to apply to the folder</em>
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <em class="jxr_javadoccomment"> * @param metadataFilter the filter to apply to the meta data</em>
<a class="jxr_linenumber" name="L216" href="#L216">216</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown when there is a problem analyzing the</em>
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <em class="jxr_javadoccomment"> * dependency</em>
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> collectMetadataFromArchiveFormat(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency,
<a class="jxr_linenumber" name="L220" href="#L220">220</a> FilenameFilter folderFilter, FilenameFilter metadataFilter)
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L222" href="#L222">222</a> <strong class="jxr_keyword">final</strong> File temp = getNextTempDirectory();
<a class="jxr_linenumber" name="L223" href="#L223">223</a> LOGGER.debug(<span class="jxr_string">"{} exists? {}"</span>, temp, temp.exists());
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L225" href="#L225">225</a> ExtractionUtil.extractFilesUsingFilter(
<a class="jxr_linenumber" name="L226" href="#L226">226</a> <strong class="jxr_keyword">new</strong> File(dependency.getActualFilePath()), temp,
<a class="jxr_linenumber" name="L227" href="#L227">227</a> metadataFilter);
<a class="jxr_linenumber" name="L228" href="#L228">228</a> } <strong class="jxr_keyword">catch</strong> (ExtractionException ex) {
<a class="jxr_linenumber" name="L229" href="#L229">229</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(ex);
<a class="jxr_linenumber" name="L230" href="#L230">230</a> }
<a class="jxr_linenumber" name="L231" href="#L231">231</a>
<a class="jxr_linenumber" name="L232" href="#L232">232</a> File matchingFile = getMatchingFile(temp, folderFilter);
<a class="jxr_linenumber" name="L233" href="#L233">233</a> <strong class="jxr_keyword">if</strong> (matchingFile != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L234" href="#L234">234</a> matchingFile = getMatchingFile(matchingFile, metadataFilter);
<a class="jxr_linenumber" name="L235" href="#L235">235</a> <strong class="jxr_keyword">if</strong> (matchingFile != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L236" href="#L236">236</a> collectWheelMetadata(dependency, matchingFile);
<a class="jxr_linenumber" name="L237" href="#L237">237</a> }
<a class="jxr_linenumber" name="L238" href="#L238">238</a> }
<a class="jxr_linenumber" name="L239" href="#L239">239</a> }
<a class="jxr_linenumber" name="L240" href="#L240">240</a>
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L242" href="#L242">242</a> <em class="jxr_javadoccomment"> * Makes sure a usable temporary directory is available.</em>
<a class="jxr_linenumber" name="L243" href="#L243">243</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <em class="jxr_javadoccomment"> * @throws InitializationException an AnalyzeException is thrown when the</em>
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <em class="jxr_javadoccomment"> * temp directory cannot be created</em>
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L247" href="#L247">247</a> @Override
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <strong class="jxr_keyword">final</strong> File baseDir = Settings.getTempDirectory();
<a class="jxr_linenumber" name="L251" href="#L251">251</a> tempFileLocation = File.createTempFile(<span class="jxr_string">"check"</span>, <span class="jxr_string">"tmp"</span>, baseDir);
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.delete()) {
<a class="jxr_linenumber" name="L253" href="#L253">253</a> setEnabled(false);
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <strong class="jxr_keyword">final</strong> String msg = String.format(
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <span class="jxr_string">"Unable to delete temporary file '%s'."</span>,
<a class="jxr_linenumber" name="L256" href="#L256">256</a> tempFileLocation.getAbsolutePath());
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(msg);
<a class="jxr_linenumber" name="L258" href="#L258">258</a> }
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">if</strong> (!tempFileLocation.mkdirs()) {
<a class="jxr_linenumber" name="L260" href="#L260">260</a> setEnabled(false);
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <strong class="jxr_keyword">final</strong> String msg = String.format(
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <span class="jxr_string">"Unable to create directory '%s'."</span>,
<a class="jxr_linenumber" name="L263" href="#L263">263</a> tempFileLocation.getAbsolutePath());
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(msg);
<a class="jxr_linenumber" name="L265" href="#L265">265</a> }
<a class="jxr_linenumber" name="L266" href="#L266">266</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L267" href="#L267">267</a> setEnabled(false);
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/exception/InitializationException.html">InitializationException</a>(<span class="jxr_string">"Unable to create a temporary file"</span>, ex);
<a class="jxr_linenumber" name="L269" href="#L269">269</a> }
<a class="jxr_linenumber" name="L270" href="#L270">270</a> }
<a class="jxr_linenumber" name="L271" href="#L271">271</a>
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> * Deletes any files extracted from the Wheel during analysis.</em>
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L275" href="#L275">275</a> @Override
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> close() {
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <strong class="jxr_keyword">if</strong> (tempFileLocation != <strong class="jxr_keyword">null</strong> &amp;&amp; tempFileLocation.exists()) {
<a class="jxr_linenumber" name="L278" href="#L278">278</a> LOGGER.debug(<span class="jxr_string">"Attempting to delete temporary files"</span>);
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> success = FileUtils.delete(tempFileLocation);
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <strong class="jxr_keyword">if</strong> (!success &amp;&amp; tempFileLocation.exists()) {
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">final</strong> String[] l = tempFileLocation.list();
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">if</strong> (l != <strong class="jxr_keyword">null</strong> &amp;&amp; l.length &gt; 0) {
<a class="jxr_linenumber" name="L283" href="#L283">283</a> LOGGER.warn(<span class="jxr_string">"Failed to delete some temporary files, see the log for more details"</span>);
<a class="jxr_linenumber" name="L284" href="#L284">284</a> }
<a class="jxr_linenumber" name="L285" href="#L285">285</a> }
<a class="jxr_linenumber" name="L286" href="#L286">286</a> }
<a class="jxr_linenumber" name="L287" href="#L287">287</a> }
<a class="jxr_linenumber" name="L288" href="#L288">288</a>
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <em class="jxr_javadoccomment"> * Gathers evidence from the METADATA file.</em>
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment"> * @param file a reference to the manifest/properties file</em>
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> collectWheelMetadata(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, File file) {
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <strong class="jxr_keyword">final</strong> InternetHeaders headers = getManifestProperties(file);
<a class="jxr_linenumber" name="L297" href="#L297">297</a> addPropertyToEvidence(headers, dependency.getVersionEvidence(),
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <span class="jxr_string">"Version"</span>, Confidence.HIGHEST);
<a class="jxr_linenumber" name="L299" href="#L299">299</a> addPropertyToEvidence(headers, dependency.getProductEvidence(), <span class="jxr_string">"Name"</span>,
<a class="jxr_linenumber" name="L300" href="#L300">300</a> Confidence.HIGHEST);
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <strong class="jxr_keyword">final</strong> String url = headers.getHeader(<span class="jxr_string">"Home-page"</span>, <strong class="jxr_keyword">null</strong>);
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
<a class="jxr_linenumber" name="L303" href="#L303">303</a> .getVendorEvidence();
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(url)) {
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
<a class="jxr_linenumber" name="L306" href="#L306">306</a> vendorEvidence.addEvidence(METADATA, <span class="jxr_string">"vendor"</span>, url,
<a class="jxr_linenumber" name="L307" href="#L307">307</a> Confidence.MEDIUM);
<a class="jxr_linenumber" name="L308" href="#L308">308</a> }
<a class="jxr_linenumber" name="L309" href="#L309">309</a> }
<a class="jxr_linenumber" name="L310" href="#L310">310</a> addPropertyToEvidence(headers, vendorEvidence, <span class="jxr_string">"Author"</span>, Confidence.LOW);
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <strong class="jxr_keyword">final</strong> String summary = headers.getHeader(<span class="jxr_string">"Summary"</span>, <strong class="jxr_keyword">null</strong>);
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(summary)) {
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <a href="../../../../org/owasp/dependencycheck/analyzer/JarAnalyzer.html">JarAnalyzer</a>
<a class="jxr_linenumber" name="L314" href="#L314">314</a> .addDescription(dependency, summary, METADATA, <span class="jxr_string">"summary"</span>);
<a class="jxr_linenumber" name="L315" href="#L315">315</a> }
<a class="jxr_linenumber" name="L316" href="#L316">316</a> }
<a class="jxr_linenumber" name="L317" href="#L317">317</a>
<a class="jxr_linenumber" name="L318" href="#L318">318</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L319" href="#L319">319</a> <em class="jxr_javadoccomment"> * Adds a value to the evidence collection.</em>
<a class="jxr_linenumber" name="L320" href="#L320">320</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <em class="jxr_javadoccomment"> * @param headers the properties collection</em>
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add the value</em>
<a class="jxr_linenumber" name="L323" href="#L323">323</a> <em class="jxr_javadoccomment"> * @param property the property name</em>
<a class="jxr_linenumber" name="L324" href="#L324">324</a> <em class="jxr_javadoccomment"> * @param confidence the confidence of the evidence</em>
<a class="jxr_linenumber" name="L325" href="#L325">325</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L326" href="#L326">326</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">void</strong> addPropertyToEvidence(InternetHeaders headers,
<a class="jxr_linenumber" name="L327" href="#L327">327</a> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String property, <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
<a class="jxr_linenumber" name="L328" href="#L328">328</a> <strong class="jxr_keyword">final</strong> String value = headers.getHeader(property, <strong class="jxr_keyword">null</strong>);
<a class="jxr_linenumber" name="L329" href="#L329">329</a> LOGGER.debug(<span class="jxr_string">"Property: {}, Value: {}"</span>, property, value);
<a class="jxr_linenumber" name="L330" href="#L330">330</a> <strong class="jxr_keyword">if</strong> (StringUtils.isNotBlank(value)) {
<a class="jxr_linenumber" name="L331" href="#L331">331</a> evidence.addEvidence(METADATA, property, value, confidence);
<a class="jxr_linenumber" name="L332" href="#L332">332</a> }
<a class="jxr_linenumber" name="L333" href="#L333">333</a> }
<a class="jxr_linenumber" name="L334" href="#L334">334</a>
<a class="jxr_linenumber" name="L335" href="#L335">335</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L336" href="#L336">336</a> <em class="jxr_javadoccomment"> * Returns a list of files that match the given filter, this does not</em>
<a class="jxr_linenumber" name="L337" href="#L337">337</a> <em class="jxr_javadoccomment"> * recursively scan the directory.</em>
<a class="jxr_linenumber" name="L338" href="#L338">338</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L339" href="#L339">339</a> <em class="jxr_javadoccomment"> * @param folder the folder to filter</em>
<a class="jxr_linenumber" name="L340" href="#L340">340</a> <em class="jxr_javadoccomment"> * @param filter the filter to apply to the files in the directory</em>
<a class="jxr_linenumber" name="L341" href="#L341">341</a> <em class="jxr_javadoccomment"> * @return the list of Files in the directory that match the provided filter</em>
<a class="jxr_linenumber" name="L342" href="#L342">342</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L343" href="#L343">343</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> File getMatchingFile(File folder, FilenameFilter filter) {
<a class="jxr_linenumber" name="L344" href="#L344">344</a> File result = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L345" href="#L345">345</a> <strong class="jxr_keyword">final</strong> File[] matches = folder.listFiles(filter);
<a class="jxr_linenumber" name="L346" href="#L346">346</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> != matches &amp;&amp; 1 == matches.length) {
<a class="jxr_linenumber" name="L347" href="#L347">347</a> result = matches[0];
<a class="jxr_linenumber" name="L348" href="#L348">348</a> }
<a class="jxr_linenumber" name="L349" href="#L349">349</a> <strong class="jxr_keyword">return</strong> result;
<a class="jxr_linenumber" name="L350" href="#L350">350</a> }
<a class="jxr_linenumber" name="L351" href="#L351">351</a>
<a class="jxr_linenumber" name="L352" href="#L352">352</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L353" href="#L353">353</a> <em class="jxr_javadoccomment"> * Reads the manifest entries from the provided file.</em>
<a class="jxr_linenumber" name="L354" href="#L354">354</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L355" href="#L355">355</a> <em class="jxr_javadoccomment"> * @param manifest the manifest</em>
<a class="jxr_linenumber" name="L356" href="#L356">356</a> <em class="jxr_javadoccomment"> * @return the manifest entries</em>
<a class="jxr_linenumber" name="L357" href="#L357">357</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L358" href="#L358">358</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> InternetHeaders getManifestProperties(File manifest) {
<a class="jxr_linenumber" name="L359" href="#L359">359</a> <strong class="jxr_keyword">final</strong> InternetHeaders result = <strong class="jxr_keyword">new</strong> InternetHeaders();
<a class="jxr_linenumber" name="L360" href="#L360">360</a> <strong class="jxr_keyword">if</strong> (<strong class="jxr_keyword">null</strong> == manifest) {
<a class="jxr_linenumber" name="L361" href="#L361">361</a> LOGGER.debug(<span class="jxr_string">"Manifest file not found."</span>);
<a class="jxr_linenumber" name="L362" href="#L362">362</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L363" href="#L363">363</a> InputStream in = <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L364" href="#L364">364</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L365" href="#L365">365</a> in = <strong class="jxr_keyword">new</strong> BufferedInputStream(<strong class="jxr_keyword">new</strong> FileInputStream(manifest));
<a class="jxr_linenumber" name="L366" href="#L366">366</a> result.load(in);
<a class="jxr_linenumber" name="L367" href="#L367">367</a> } <strong class="jxr_keyword">catch</strong> (MessagingException e) {
<a class="jxr_linenumber" name="L368" href="#L368">368</a> LOGGER.warn(e.getMessage(), e);
<a class="jxr_linenumber" name="L369" href="#L369">369</a> } <strong class="jxr_keyword">catch</strong> (FileNotFoundException e) {
<a class="jxr_linenumber" name="L370" href="#L370">370</a> LOGGER.warn(e.getMessage(), e);
<a class="jxr_linenumber" name="L371" href="#L371">371</a> } <strong class="jxr_keyword">finally</strong> {
<a class="jxr_linenumber" name="L372" href="#L372">372</a> <strong class="jxr_keyword">if</strong> (in != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L373" href="#L373">373</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L374" href="#L374">374</a> in.close();
<a class="jxr_linenumber" name="L375" href="#L375">375</a> } <strong class="jxr_keyword">catch</strong> (IOException ex) {
<a class="jxr_linenumber" name="L376" href="#L376">376</a> LOGGER.debug(<span class="jxr_string">"failed to close input stream"</span>, ex);
<a class="jxr_linenumber" name="L377" href="#L377">377</a> }
<a class="jxr_linenumber" name="L378" href="#L378">378</a> }
<a class="jxr_linenumber" name="L379" href="#L379">379</a> }
<a class="jxr_linenumber" name="L380" href="#L380">380</a> }
<a class="jxr_linenumber" name="L381" href="#L381">381</a> <strong class="jxr_keyword">return</strong> result;
<a class="jxr_linenumber" name="L382" href="#L382">382</a> }
<a class="jxr_linenumber" name="L383" href="#L383">383</a>
<a class="jxr_linenumber" name="L384" href="#L384">384</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L385" href="#L385">385</a> <em class="jxr_javadoccomment"> * Retrieves the next temporary destination directory for extracting an</em>
<a class="jxr_linenumber" name="L386" href="#L386">386</a> <em class="jxr_javadoccomment"> * archive.</em>
<a class="jxr_linenumber" name="L387" href="#L387">387</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L388" href="#L388">388</a> <em class="jxr_javadoccomment"> * @return a directory</em>
<a class="jxr_linenumber" name="L389" href="#L389">389</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if unable to create temporary directory</em>
<a class="jxr_linenumber" name="L390" href="#L390">390</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L391" href="#L391">391</a> <strong class="jxr_keyword">private</strong> File getNextTempDirectory() <strong class="jxr_keyword">throws</strong> AnalysisException {
<a class="jxr_linenumber" name="L392" href="#L392">392</a> File directory;
<a class="jxr_linenumber" name="L393" href="#L393">393</a>
<a class="jxr_linenumber" name="L394" href="#L394">394</a> <em class="jxr_comment">// getting an exception for some directories not being able to be</em>
<a class="jxr_linenumber" name="L395" href="#L395">395</a> <em class="jxr_comment">// created; might be because the directory already exists?</em>
<a class="jxr_linenumber" name="L396" href="#L396">396</a> <strong class="jxr_keyword">do</strong> {
<a class="jxr_linenumber" name="L397" href="#L397">397</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> dirCount = DIR_COUNT.incrementAndGet();
<a class="jxr_linenumber" name="L398" href="#L398">398</a> directory = <strong class="jxr_keyword">new</strong> File(tempFileLocation, String.valueOf(dirCount));
<a class="jxr_linenumber" name="L399" href="#L399">399</a> } <strong class="jxr_keyword">while</strong> (directory.exists());
<a class="jxr_linenumber" name="L400" href="#L400">400</a> <strong class="jxr_keyword">if</strong> (!directory.mkdirs()) {
<a class="jxr_linenumber" name="L401" href="#L401">401</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(String.format(
<a class="jxr_linenumber" name="L402" href="#L402">402</a> <span class="jxr_string">"Unable to create temp directory '%s'."</span>,
<a class="jxr_linenumber" name="L403" href="#L403">403</a> directory.getAbsolutePath()));
<a class="jxr_linenumber" name="L404" href="#L404">404</a> }
<a class="jxr_linenumber" name="L405" href="#L405">405</a> <strong class="jxr_keyword">return</strong> directory;
<a class="jxr_linenumber" name="L406" href="#L406">406</a> }
<a class="jxr_linenumber" name="L407" href="#L407">407</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

572
xref/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.html
View File

@@ -41,295 +41,289 @@
<a class="jxr_linenumber" name="L33" href="#L33">33</a> <strong class="jxr_keyword">import</strong> java.io.FileFilter;
<a class="jxr_linenumber" name="L34" href="#L34">34</a> <strong class="jxr_keyword">import</strong> java.io.IOException;
<a class="jxr_linenumber" name="L35" href="#L35">35</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset;
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.util.ArrayList;
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.util.List;
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
<a class="jxr_linenumber" name="L39" href="#L39">39</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.exception.InitializationException;
<a class="jxr_linenumber" name="L41" href="#L41">41</a>
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * Used to analyze a Python package, and collect information that can be used to</em>
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * determine the associated CPE.</em>
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L48" href="#L48">48</a> @Experimental
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.html">PythonPackageAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
<a class="jxr_linenumber" name="L50" href="#L50">50</a>
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * Used when compiling file scanning regex patterns.</em>
<a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L54" href="#L54">54</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> REGEX_OPTIONS = Pattern.DOTALL
<a class="jxr_linenumber" name="L55" href="#L55">55</a> | Pattern.CASE_INSENSITIVE;
<a class="jxr_linenumber" name="L56" href="#L56">56</a>
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <em class="jxr_javadoccomment"> * Filename extensions for files to be analyzed.</em>
<a class="jxr_linenumber" name="L59" href="#L59">59</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String EXTENSIONS = <span class="jxr_string">"py"</span>;
<a class="jxr_linenumber" name="L61" href="#L61">61</a>
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <em class="jxr_javadoccomment"> * Pattern for matching the module docstring in a source file.</em>
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L65" href="#L65">65</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern MODULE_DOCSTRING = Pattern.compile(
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <span class="jxr_string">"^(['&#92;&#92;\&quot;]{3})(.*?)&#92;&#92;1"</span>, REGEX_OPTIONS);
<a class="jxr_linenumber" name="L67" href="#L67">67</a>
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <em class="jxr_javadoccomment"> * Matches assignments to version variables in Python source code.</em>
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L71" href="#L71">71</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern VERSION_PATTERN = Pattern.compile(
<a class="jxr_linenumber" name="L72" href="#L72">72</a> <span class="jxr_string">"&#92;&#92;b(__)?version(__)? *= *(['\&quot;]+)(&#92;&#92;d+&#92;&#92;.&#92;&#92;d+.*?)&#92;&#92;3"</span>,
<a class="jxr_linenumber" name="L73" href="#L73">73</a> REGEX_OPTIONS);
<a class="jxr_linenumber" name="L74" href="#L74">74</a>
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <em class="jxr_javadoccomment"> * Matches assignments to title variables in Python source code.</em>
<a class="jxr_linenumber" name="L77" href="#L77">77</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern TITLE_PATTERN = compileAssignPattern(<span class="jxr_string">"title"</span>);
<a class="jxr_linenumber" name="L79" href="#L79">79</a>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <em class="jxr_javadoccomment"> * Matches assignments to summary variables in Python source code.</em>
<a class="jxr_linenumber" name="L82" href="#L82">82</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern SUMMARY_PATTERN = compileAssignPattern(<span class="jxr_string">"summary"</span>);
<a class="jxr_linenumber" name="L84" href="#L84">84</a>
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <em class="jxr_javadoccomment"> * Matches assignments to URL/URL variables in Python source code.</em>
<a class="jxr_linenumber" name="L87" href="#L87">87</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern URI_PATTERN = compileAssignPattern(<span class="jxr_string">"ur[il]"</span>);
<a class="jxr_linenumber" name="L89" href="#L89">89</a>
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <em class="jxr_javadoccomment"> * Matches assignments to home page variables in Python source code.</em>
<a class="jxr_linenumber" name="L92" href="#L92">92</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern HOMEPAGE_PATTERN = compileAssignPattern(<span class="jxr_string">"home_?page"</span>);
<a class="jxr_linenumber" name="L94" href="#L94">94</a>
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <em class="jxr_javadoccomment"> * Matches assignments to author variables in Python source code.</em>
<a class="jxr_linenumber" name="L97" href="#L97">97</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern AUTHOR_PATTERN = compileAssignPattern(<span class="jxr_string">"author"</span>);
<a class="jxr_linenumber" name="L99" href="#L99">99</a>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <em class="jxr_javadoccomment"> * Filter that detects files named "__init__.py".</em>
<a class="jxr_linenumber" name="L102" href="#L102">102</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter INIT_PY_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(<span class="jxr_string">"__init__.py"</span>);
<a class="jxr_linenumber" name="L104" href="#L104">104</a>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <em class="jxr_javadoccomment"> * The file filter for python files.</em>
<a class="jxr_linenumber" name="L107" href="#L107">107</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter PY_FILTER = <strong class="jxr_keyword">new</strong> SuffixFileFilter(<span class="jxr_string">".py"</span>);
<a class="jxr_linenumber" name="L109" href="#L109">109</a>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> * Returns the name of the Python Package Analyzer.</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L113" href="#L113">113</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L115" href="#L115">115</a> @Override
<a class="jxr_linenumber" name="L116" href="#L116">116</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L117" href="#L117">117</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"Python Package Analyzer"</span>;
<a class="jxr_linenumber" name="L118" href="#L118">118</a> }
<a class="jxr_linenumber" name="L119" href="#L119">119</a>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L123" href="#L123">123</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L125" href="#L125">125</a> @Override
<a class="jxr_linenumber" name="L126" href="#L126">126</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L127" href="#L127">127</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L128" href="#L128">128</a> }
<a class="jxr_linenumber" name="L129" href="#L129">129</a>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
<a class="jxr_linenumber" name="L132" href="#L132">132</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
<a class="jxr_linenumber" name="L134" href="#L134">134</a>
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L140" href="#L140">140</a> @Override
<a class="jxr_linenumber" name="L141" href="#L141">141</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L142" href="#L142">142</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L143" href="#L143">143</a> }
<a class="jxr_linenumber" name="L144" href="#L144">144</a>
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * No-op initializer implementation.</em>
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L148" href="#L148">148</a> <em class="jxr_javadoccomment"> * @throws InitializationException never thrown</em>
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L150" href="#L150">150</a> @Override
<a class="jxr_linenumber" name="L151" href="#L151">151</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L152" href="#L152">152</a> <em class="jxr_comment">// Nothing to do here.</em>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> }
<a class="jxr_linenumber" name="L154" href="#L154">154</a>
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> * Utility function to create a regex pattern matcher.</em>
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> * @param name the value to use when constructing the assignment pattern</em>
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <em class="jxr_javadoccomment"> * @return the compiled Pattern</em>
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L161" href="#L161">161</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> Pattern compileAssignPattern(String name) {
<a class="jxr_linenumber" name="L162" href="#L162">162</a> <strong class="jxr_keyword">return</strong> Pattern.compile(
<a class="jxr_linenumber" name="L163" href="#L163">163</a> String.format(<span class="jxr_string">"&#92;&#92;b(__)?%s(__)?&#92;&#92;b *= *(['\&quot;]+)(.*?)&#92;&#92;3"</span>, name),
<a class="jxr_linenumber" name="L164" href="#L164">164</a> REGEX_OPTIONS);
<a class="jxr_linenumber" name="L165" href="#L165">165</a> }
<a class="jxr_linenumber" name="L166" href="#L166">166</a>
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
<a class="jxr_linenumber" name="L173" href="#L173">173</a> <em class="jxr_javadoccomment"> * analyzing the dependency</em>
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L175" href="#L175">175</a> @Override
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">final</strong> File parent = file.getParentFile();
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <strong class="jxr_keyword">if</strong> (INIT_PY_FILTER.accept(file)) {
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <em class="jxr_comment">//by definition, the containing folder of __init__.py is considered the package, even the file is empty:</em>
<a class="jxr_linenumber" name="L183" href="#L183">183</a> <em class="jxr_comment">//"The __init__.py files are required to make Python treat the directories as containing packages"</em>
<a class="jxr_linenumber" name="L184" href="#L184">184</a> <em class="jxr_comment">//see section "6.4 Packages" from https://docs.python.org/2/tutorial/modules.html;</em>
<a class="jxr_linenumber" name="L185" href="#L185">185</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/__init__.py"</span>);
<a class="jxr_linenumber" name="L186" href="#L186">186</a> dependency.getProductEvidence().addEvidence(file.getName(),
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <span class="jxr_string">"PackageName"</span>, parentName, Confidence.HIGHEST);
<a class="jxr_linenumber" name="L188" href="#L188">188</a>
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <strong class="jxr_keyword">final</strong> File[] fileList = parent.listFiles(PY_FILTER);
<a class="jxr_linenumber" name="L190" href="#L190">190</a> <strong class="jxr_keyword">if</strong> (fileList != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L191" href="#L191">191</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">final</strong> File sourceFile : fileList) {
<a class="jxr_linenumber" name="L192" href="#L192">192</a> analyzeFileContents(dependency, sourceFile);
<a class="jxr_linenumber" name="L193" href="#L193">193</a> }
<a class="jxr_linenumber" name="L194" href="#L194">194</a> }
<a class="jxr_linenumber" name="L195" href="#L195">195</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L196" href="#L196">196</a> <em class="jxr_comment">// copy, alter and set in case some other thread is iterating over</em>
<a class="jxr_linenumber" name="L197" href="#L197">197</a> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; dependencies = <strong class="jxr_keyword">new</strong> ArrayList&lt;Dependency&gt;(
<a class="jxr_linenumber" name="L198" href="#L198">198</a> engine.getDependencies());
<a class="jxr_linenumber" name="L199" href="#L199">199</a> dependencies.remove(dependency);
<a class="jxr_linenumber" name="L200" href="#L200">200</a> engine.setDependencies(dependencies);
<a class="jxr_linenumber" name="L201" href="#L201">201</a> }
<a class="jxr_linenumber" name="L202" href="#L202">202</a> }
<a class="jxr_linenumber" name="L203" href="#L203">203</a>
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * This should gather information from leading docstrings, file comments,</em>
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> * and assignments to __version__, __title__, __summary__, __uri__, __url__,</em>
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> * __home*page__, __author__, and their all caps equivalents.</em>
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L210" href="#L210">210</a> <em class="jxr_javadoccomment"> * @param file the file name to analyze</em>
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <em class="jxr_javadoccomment"> * @return whether evidence was found</em>
<a class="jxr_linenumber" name="L212" href="#L212">212</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
<a class="jxr_linenumber" name="L213" href="#L213">213</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> analyzeFileContents(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, File file)
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L216" href="#L216">216</a> String contents;
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L218" href="#L218">218</a> contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
<a class="jxr_linenumber" name="L219" href="#L219">219</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
<a class="jxr_linenumber" name="L220" href="#L220">220</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
<a class="jxr_linenumber" name="L221" href="#L221">221</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
<a class="jxr_linenumber" name="L222" href="#L222">222</a> }
<a class="jxr_linenumber" name="L223" href="#L223">223</a> <strong class="jxr_keyword">boolean</strong> found = false;
<a class="jxr_linenumber" name="L224" href="#L224">224</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">final</strong> String source = file.getName();
<a class="jxr_linenumber" name="L226" href="#L226">226</a> found = gatherEvidence(VERSION_PATTERN, contents, source,
<a class="jxr_linenumber" name="L227" href="#L227">227</a> dependency.getVersionEvidence(), <span class="jxr_string">"SourceVersion"</span>,
<a class="jxr_linenumber" name="L228" href="#L228">228</a> Confidence.MEDIUM);
<a class="jxr_linenumber" name="L229" href="#L229">229</a> found |= addSummaryInfo(dependency, SUMMARY_PATTERN, 4, contents,
<a class="jxr_linenumber" name="L230" href="#L230">230</a> source, <span class="jxr_string">"summary"</span>);
<a class="jxr_linenumber" name="L231" href="#L231">231</a> <strong class="jxr_keyword">if</strong> (INIT_PY_FILTER.accept(file)) {
<a class="jxr_linenumber" name="L232" href="#L232">232</a> found |= addSummaryInfo(dependency, MODULE_DOCSTRING, 2,
<a class="jxr_linenumber" name="L233" href="#L233">233</a> contents, source, <span class="jxr_string">"docstring"</span>);
<a class="jxr_linenumber" name="L234" href="#L234">234</a> }
<a class="jxr_linenumber" name="L235" href="#L235">235</a> found |= gatherEvidence(TITLE_PATTERN, contents, source,
<a class="jxr_linenumber" name="L236" href="#L236">236</a> dependency.getProductEvidence(), <span class="jxr_string">"SourceTitle"</span>,
<a class="jxr_linenumber" name="L237" href="#L237">237</a> Confidence.LOW);
<a class="jxr_linenumber" name="L238" href="#L238">238</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
<a class="jxr_linenumber" name="L239" href="#L239">239</a> .getVendorEvidence();
<a class="jxr_linenumber" name="L240" href="#L240">240</a> found |= gatherEvidence(AUTHOR_PATTERN, contents, source,
<a class="jxr_linenumber" name="L241" href="#L241">241</a> vendorEvidence, <span class="jxr_string">"SourceAuthor"</span>, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L242" href="#L242">242</a> found |= gatherHomePageEvidence(URI_PATTERN, vendorEvidence,
<a class="jxr_linenumber" name="L243" href="#L243">243</a> source, <span class="jxr_string">"URL"</span>, contents);
<a class="jxr_linenumber" name="L244" href="#L244">244</a> found |= gatherHomePageEvidence(HOMEPAGE_PATTERN,
<a class="jxr_linenumber" name="L245" href="#L245">245</a> vendorEvidence, source, <span class="jxr_string">"HomePage"</span>, contents);
<a class="jxr_linenumber" name="L246" href="#L246">246</a> }
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L248" href="#L248">248</a> }
<a class="jxr_linenumber" name="L249" href="#L249">249</a>
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <em class="jxr_javadoccomment"> * Adds summary information to the dependency</em>
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_javadoccomment"> * @param pattern the pattern used to perform analysis</em>
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <em class="jxr_javadoccomment"> * @param group the group from the pattern that indicates the data to use</em>
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <em class="jxr_javadoccomment"> * @param contents the data being analyzed</em>
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <em class="jxr_javadoccomment"> * @param source the source name to use when recording the evidence</em>
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <em class="jxr_javadoccomment"> * @param key the key name to use when recording the evidence</em>
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <em class="jxr_javadoccomment"> * @return true if evidence was collected; otherwise false</em>
<a class="jxr_linenumber" name="L260" href="#L260">260</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L261" href="#L261">261</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> addSummaryInfo(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, Pattern pattern,
<a class="jxr_linenumber" name="L262" href="#L262">262</a> <strong class="jxr_keyword">int</strong> group, String contents, String source, String key) {
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
<a class="jxr_linenumber" name="L264" href="#L264">264</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> found = matcher.find();
<a class="jxr_linenumber" name="L265" href="#L265">265</a> <strong class="jxr_keyword">if</strong> (found) {
<a class="jxr_linenumber" name="L266" href="#L266">266</a> JarAnalyzer.addDescription(dependency, matcher.group(group),
<a class="jxr_linenumber" name="L267" href="#L267">267</a> source, key);
<a class="jxr_linenumber" name="L268" href="#L268">268</a> }
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L270" href="#L270">270</a> }
<a class="jxr_linenumber" name="L271" href="#L271">271</a>
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> * Collects evidence from the home page URL.</em>
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <em class="jxr_javadoccomment"> * @param pattern the pattern to match</em>
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add the evidence to</em>
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <em class="jxr_javadoccomment"> * @param source the source of the evidence</em>
<a class="jxr_linenumber" name="L278" href="#L278">278</a> <em class="jxr_javadoccomment"> * @param name the name of the evidence</em>
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <em class="jxr_javadoccomment"> * @param contents the home page URL</em>
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <em class="jxr_javadoccomment"> * @return true if evidence was collected; otherwise false</em>
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> gatherHomePageEvidence(Pattern pattern,
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String source, String name,
<a class="jxr_linenumber" name="L284" href="#L284">284</a> String contents) {
<a class="jxr_linenumber" name="L285" href="#L285">285</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
<a class="jxr_linenumber" name="L286" href="#L286">286</a> <strong class="jxr_keyword">boolean</strong> found = false;
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <strong class="jxr_keyword">final</strong> String url = matcher.group(4);
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
<a class="jxr_linenumber" name="L290" href="#L290">290</a> found = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L291" href="#L291">291</a> evidence.addEvidence(source, name, url, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L292" href="#L292">292</a> }
<a class="jxr_linenumber" name="L293" href="#L293">293</a> }
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L295" href="#L295">295</a> }
<a class="jxr_linenumber" name="L296" href="#L296">296</a>
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> * Gather evidence from a Python source file using the given string</em>
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> * assignment regex pattern.</em>
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <em class="jxr_javadoccomment"> * @param pattern to scan contents with</em>
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <em class="jxr_javadoccomment"> * @param contents of Python source file</em>
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <em class="jxr_javadoccomment"> * @param source for storing evidence</em>
<a class="jxr_linenumber" name="L304" href="#L304">304</a> <em class="jxr_javadoccomment"> * @param evidence to store evidence in</em>
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <em class="jxr_javadoccomment"> * @param name of evidence</em>
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <em class="jxr_javadoccomment"> * @param confidence in evidence</em>
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <em class="jxr_javadoccomment"> * @return whether evidence was found</em>
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L309" href="#L309">309</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> gatherEvidence(Pattern pattern, String contents,
<a class="jxr_linenumber" name="L310" href="#L310">310</a> String source, <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String name,
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
<a class="jxr_linenumber" name="L312" href="#L312">312</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
<a class="jxr_linenumber" name="L313" href="#L313">313</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> found = matcher.find();
<a class="jxr_linenumber" name="L314" href="#L314">314</a> <strong class="jxr_keyword">if</strong> (found) {
<a class="jxr_linenumber" name="L315" href="#L315">315</a> evidence.addEvidence(source, name, matcher.group(4), confidence);
<a class="jxr_linenumber" name="L316" href="#L316">316</a> }
<a class="jxr_linenumber" name="L317" href="#L317">317</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L318" href="#L318">318</a> }
<a class="jxr_linenumber" name="L319" href="#L319">319</a>
<a class="jxr_linenumber" name="L320" href="#L320">320</a> @Override
<a class="jxr_linenumber" name="L321" href="#L321">321</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L322" href="#L322">322</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED;
<a class="jxr_linenumber" name="L323" href="#L323">323</a> }
<a class="jxr_linenumber" name="L324" href="#L324">324</a> }
<a class="jxr_linenumber" name="L36" href="#L36">36</a> <strong class="jxr_keyword">import</strong> java.util.regex.Matcher;
<a class="jxr_linenumber" name="L37" href="#L37">37</a> <strong class="jxr_keyword">import</strong> java.util.regex.Pattern;
<a class="jxr_linenumber" name="L38" href="#L38">38</a> <strong class="jxr_keyword">import</strong> org.owasp.dependencycheck.exception.InitializationException;
<a class="jxr_linenumber" name="L39" href="#L39">39</a>
<a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * Used to analyze a Python package, and collect information that can be used to</em>
<a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * determine the associated CPE.</em>
<a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * @author Dale Visser</em>
<a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L46" href="#L46">46</a> @Experimental
<a class="jxr_linenumber" name="L47" href="#L47">47</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">class</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.html">PythonPackageAnalyzer</a> <strong class="jxr_keyword">extends</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AbstractFileTypeAnalyzer.html">AbstractFileTypeAnalyzer</a> {
<a class="jxr_linenumber" name="L48" href="#L48">48</a>
<a class="jxr_linenumber" name="L49" href="#L49">49</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L50" href="#L50">50</a> <em class="jxr_javadoccomment"> * Used when compiling file scanning regex patterns.</em>
<a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L52" href="#L52">52</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> REGEX_OPTIONS = Pattern.DOTALL
<a class="jxr_linenumber" name="L53" href="#L53">53</a> | Pattern.CASE_INSENSITIVE;
<a class="jxr_linenumber" name="L54" href="#L54">54</a>
<a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L56" href="#L56">56</a> <em class="jxr_javadoccomment"> * Filename extensions for files to be analyzed.</em>
<a class="jxr_linenumber" name="L57" href="#L57">57</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> String EXTENSIONS = <span class="jxr_string">"py"</span>;
<a class="jxr_linenumber" name="L59" href="#L59">59</a>
<a class="jxr_linenumber" name="L60" href="#L60">60</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L61" href="#L61">61</a> <em class="jxr_javadoccomment"> * Pattern for matching the module docstring in a source file.</em>
<a class="jxr_linenumber" name="L62" href="#L62">62</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L63" href="#L63">63</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern MODULE_DOCSTRING = Pattern.compile(
<a class="jxr_linenumber" name="L64" href="#L64">64</a> <span class="jxr_string">"^(['&#92;&#92;\&quot;]{3})(.*?)&#92;&#92;1"</span>, REGEX_OPTIONS);
<a class="jxr_linenumber" name="L65" href="#L65">65</a>
<a class="jxr_linenumber" name="L66" href="#L66">66</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L67" href="#L67">67</a> <em class="jxr_javadoccomment"> * Matches assignments to version variables in Python source code.</em>
<a class="jxr_linenumber" name="L68" href="#L68">68</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern VERSION_PATTERN = Pattern.compile(
<a class="jxr_linenumber" name="L70" href="#L70">70</a> <span class="jxr_string">"&#92;&#92;b(__)?version(__)? *= *(['\&quot;]+)(&#92;&#92;d+&#92;&#92;.&#92;&#92;d+.*?)&#92;&#92;3"</span>,
<a class="jxr_linenumber" name="L71" href="#L71">71</a> REGEX_OPTIONS);
<a class="jxr_linenumber" name="L72" href="#L72">72</a>
<a class="jxr_linenumber" name="L73" href="#L73">73</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L74" href="#L74">74</a> <em class="jxr_javadoccomment"> * Matches assignments to title variables in Python source code.</em>
<a class="jxr_linenumber" name="L75" href="#L75">75</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L76" href="#L76">76</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern TITLE_PATTERN = compileAssignPattern(<span class="jxr_string">"title"</span>);
<a class="jxr_linenumber" name="L77" href="#L77">77</a>
<a class="jxr_linenumber" name="L78" href="#L78">78</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L79" href="#L79">79</a> <em class="jxr_javadoccomment"> * Matches assignments to summary variables in Python source code.</em>
<a class="jxr_linenumber" name="L80" href="#L80">80</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L81" href="#L81">81</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern SUMMARY_PATTERN = compileAssignPattern(<span class="jxr_string">"summary"</span>);
<a class="jxr_linenumber" name="L82" href="#L82">82</a>
<a class="jxr_linenumber" name="L83" href="#L83">83</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L84" href="#L84">84</a> <em class="jxr_javadoccomment"> * Matches assignments to URL/URL variables in Python source code.</em>
<a class="jxr_linenumber" name="L85" href="#L85">85</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L86" href="#L86">86</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern URI_PATTERN = compileAssignPattern(<span class="jxr_string">"ur[il]"</span>);
<a class="jxr_linenumber" name="L87" href="#L87">87</a>
<a class="jxr_linenumber" name="L88" href="#L88">88</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L89" href="#L89">89</a> <em class="jxr_javadoccomment"> * Matches assignments to home page variables in Python source code.</em>
<a class="jxr_linenumber" name="L90" href="#L90">90</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L91" href="#L91">91</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern HOMEPAGE_PATTERN = compileAssignPattern(<span class="jxr_string">"home_?page"</span>);
<a class="jxr_linenumber" name="L92" href="#L92">92</a>
<a class="jxr_linenumber" name="L93" href="#L93">93</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L94" href="#L94">94</a> <em class="jxr_javadoccomment"> * Matches assignments to author variables in Python source code.</em>
<a class="jxr_linenumber" name="L95" href="#L95">95</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L96" href="#L96">96</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> Pattern AUTHOR_PATTERN = compileAssignPattern(<span class="jxr_string">"author"</span>);
<a class="jxr_linenumber" name="L97" href="#L97">97</a>
<a class="jxr_linenumber" name="L98" href="#L98">98</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L99" href="#L99">99</a> <em class="jxr_javadoccomment"> * Filter that detects files named "__init__.py".</em>
<a class="jxr_linenumber" name="L100" href="#L100">100</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L101" href="#L101">101</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter INIT_PY_FILTER = <strong class="jxr_keyword">new</strong> NameFileFilter(<span class="jxr_string">"__init__.py"</span>);
<a class="jxr_linenumber" name="L102" href="#L102">102</a>
<a class="jxr_linenumber" name="L103" href="#L103">103</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L104" href="#L104">104</a> <em class="jxr_javadoccomment"> * The file filter for python files.</em>
<a class="jxr_linenumber" name="L105" href="#L105">105</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L106" href="#L106">106</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter PY_FILTER = <strong class="jxr_keyword">new</strong> SuffixFileFilter(<span class="jxr_string">".py"</span>);
<a class="jxr_linenumber" name="L107" href="#L107">107</a>
<a class="jxr_linenumber" name="L108" href="#L108">108</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L109" href="#L109">109</a> <em class="jxr_javadoccomment"> * Returns the name of the Python Package Analyzer.</em>
<a class="jxr_linenumber" name="L110" href="#L110">110</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L111" href="#L111">111</a> <em class="jxr_javadoccomment"> * @return the name of the analyzer</em>
<a class="jxr_linenumber" name="L112" href="#L112">112</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L113" href="#L113">113</a> @Override
<a class="jxr_linenumber" name="L114" href="#L114">114</a> <strong class="jxr_keyword">public</strong> String getName() {
<a class="jxr_linenumber" name="L115" href="#L115">115</a> <strong class="jxr_keyword">return</strong> <span class="jxr_string">"Python Package Analyzer"</span>;
<a class="jxr_linenumber" name="L116" href="#L116">116</a> }
<a class="jxr_linenumber" name="L117" href="#L117">117</a>
<a class="jxr_linenumber" name="L118" href="#L118">118</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L119" href="#L119">119</a> <em class="jxr_javadoccomment"> * Tell that we are used for information collection.</em>
<a class="jxr_linenumber" name="L120" href="#L120">120</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L121" href="#L121">121</a> <em class="jxr_javadoccomment"> * @return INFORMATION_COLLECTION</em>
<a class="jxr_linenumber" name="L122" href="#L122">122</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L123" href="#L123">123</a> @Override
<a class="jxr_linenumber" name="L124" href="#L124">124</a> <strong class="jxr_keyword">public</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/AnalysisPhase.html">AnalysisPhase</a> getAnalysisPhase() {
<a class="jxr_linenumber" name="L125" href="#L125">125</a> <strong class="jxr_keyword">return</strong> AnalysisPhase.INFORMATION_COLLECTION;
<a class="jxr_linenumber" name="L126" href="#L126">126</a> }
<a class="jxr_linenumber" name="L127" href="#L127">127</a>
<a class="jxr_linenumber" name="L128" href="#L128">128</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L129" href="#L129">129</a> <em class="jxr_javadoccomment"> * The file filter used to determine which files this analyzer supports.</em>
<a class="jxr_linenumber" name="L130" href="#L130">130</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L131" href="#L131">131</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> <strong class="jxr_keyword">final</strong> FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
<a class="jxr_linenumber" name="L132" href="#L132">132</a>
<a class="jxr_linenumber" name="L133" href="#L133">133</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L134" href="#L134">134</a> <em class="jxr_javadoccomment"> * Returns the FileFilter</em>
<a class="jxr_linenumber" name="L135" href="#L135">135</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L136" href="#L136">136</a> <em class="jxr_javadoccomment"> * @return the FileFilter</em>
<a class="jxr_linenumber" name="L137" href="#L137">137</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L138" href="#L138">138</a> @Override
<a class="jxr_linenumber" name="L139" href="#L139">139</a> <strong class="jxr_keyword">protected</strong> FileFilter getFileFilter() {
<a class="jxr_linenumber" name="L140" href="#L140">140</a> <strong class="jxr_keyword">return</strong> FILTER;
<a class="jxr_linenumber" name="L141" href="#L141">141</a> }
<a class="jxr_linenumber" name="L142" href="#L142">142</a>
<a class="jxr_linenumber" name="L143" href="#L143">143</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L144" href="#L144">144</a> <em class="jxr_javadoccomment"> * No-op initializer implementation.</em>
<a class="jxr_linenumber" name="L145" href="#L145">145</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L146" href="#L146">146</a> <em class="jxr_javadoccomment"> * @throws InitializationException never thrown</em>
<a class="jxr_linenumber" name="L147" href="#L147">147</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L148" href="#L148">148</a> @Override
<a class="jxr_linenumber" name="L149" href="#L149">149</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> initializeFileTypeAnalyzer() <strong class="jxr_keyword">throws</strong> InitializationException {
<a class="jxr_linenumber" name="L150" href="#L150">150</a> <em class="jxr_comment">// Nothing to do here.</em>
<a class="jxr_linenumber" name="L151" href="#L151">151</a> }
<a class="jxr_linenumber" name="L152" href="#L152">152</a>
<a class="jxr_linenumber" name="L153" href="#L153">153</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L154" href="#L154">154</a> <em class="jxr_javadoccomment"> * Utility function to create a regex pattern matcher.</em>
<a class="jxr_linenumber" name="L155" href="#L155">155</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L156" href="#L156">156</a> <em class="jxr_javadoccomment"> * @param name the value to use when constructing the assignment pattern</em>
<a class="jxr_linenumber" name="L157" href="#L157">157</a> <em class="jxr_javadoccomment"> * @return the compiled Pattern</em>
<a class="jxr_linenumber" name="L158" href="#L158">158</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L159" href="#L159">159</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">static</strong> Pattern compileAssignPattern(String name) {
<a class="jxr_linenumber" name="L160" href="#L160">160</a> <strong class="jxr_keyword">return</strong> Pattern.compile(
<a class="jxr_linenumber" name="L161" href="#L161">161</a> String.format(<span class="jxr_string">"&#92;&#92;b(__)?%s(__)?&#92;&#92;b *= *(['\&quot;]+)(.*?)&#92;&#92;3"</span>, name),
<a class="jxr_linenumber" name="L162" href="#L162">162</a> REGEX_OPTIONS);
<a class="jxr_linenumber" name="L163" href="#L163">163</a> }
<a class="jxr_linenumber" name="L164" href="#L164">164</a>
<a class="jxr_linenumber" name="L165" href="#L165">165</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L166" href="#L166">166</a> <em class="jxr_javadoccomment"> * Analyzes python packages and adds evidence to the dependency.</em>
<a class="jxr_linenumber" name="L167" href="#L167">167</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L168" href="#L168">168</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L169" href="#L169">169</a> <em class="jxr_javadoccomment"> * @param engine the engine being used to perform the scan</em>
<a class="jxr_linenumber" name="L170" href="#L170">170</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
<a class="jxr_linenumber" name="L171" href="#L171">171</a> <em class="jxr_javadoccomment"> * analyzing the dependency</em>
<a class="jxr_linenumber" name="L172" href="#L172">172</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L173" href="#L173">173</a> @Override
<a class="jxr_linenumber" name="L174" href="#L174">174</a> <strong class="jxr_keyword">protected</strong> <strong class="jxr_keyword">void</strong> analyzeFileType(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, <a href="../../../../org/owasp/dependencycheck/Engine.html">Engine</a> engine)
<a class="jxr_linenumber" name="L175" href="#L175">175</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L176" href="#L176">176</a> <strong class="jxr_keyword">final</strong> File file = dependency.getActualFile();
<a class="jxr_linenumber" name="L177" href="#L177">177</a> <strong class="jxr_keyword">final</strong> File parent = file.getParentFile();
<a class="jxr_linenumber" name="L178" href="#L178">178</a> <strong class="jxr_keyword">final</strong> String parentName = parent.getName();
<a class="jxr_linenumber" name="L179" href="#L179">179</a> <strong class="jxr_keyword">if</strong> (INIT_PY_FILTER.accept(file)) {
<a class="jxr_linenumber" name="L180" href="#L180">180</a> <em class="jxr_comment">//by definition, the containing folder of __init__.py is considered the package, even the file is empty:</em>
<a class="jxr_linenumber" name="L181" href="#L181">181</a> <em class="jxr_comment">//"The __init__.py files are required to make Python treat the directories as containing packages"</em>
<a class="jxr_linenumber" name="L182" href="#L182">182</a> <em class="jxr_comment">//see section "6.4 Packages" from https://docs.python.org/2/tutorial/modules.html;</em>
<a class="jxr_linenumber" name="L183" href="#L183">183</a> dependency.setDisplayFileName(parentName + <span class="jxr_string">"/__init__.py"</span>);
<a class="jxr_linenumber" name="L184" href="#L184">184</a> dependency.getProductEvidence().addEvidence(file.getName(),
<a class="jxr_linenumber" name="L185" href="#L185">185</a> <span class="jxr_string">"PackageName"</span>, parentName, Confidence.HIGHEST);
<a class="jxr_linenumber" name="L186" href="#L186">186</a>
<a class="jxr_linenumber" name="L187" href="#L187">187</a> <strong class="jxr_keyword">final</strong> File[] fileList = parent.listFiles(PY_FILTER);
<a class="jxr_linenumber" name="L188" href="#L188">188</a> <strong class="jxr_keyword">if</strong> (fileList != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L189" href="#L189">189</a> <strong class="jxr_keyword">for</strong> (<strong class="jxr_keyword">final</strong> File sourceFile : fileList) {
<a class="jxr_linenumber" name="L190" href="#L190">190</a> analyzeFileContents(dependency, sourceFile);
<a class="jxr_linenumber" name="L191" href="#L191">191</a> }
<a class="jxr_linenumber" name="L192" href="#L192">192</a> }
<a class="jxr_linenumber" name="L193" href="#L193">193</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L194" href="#L194">194</a> engine.getDependencies().remove(dependency);
<a class="jxr_linenumber" name="L195" href="#L195">195</a> }
<a class="jxr_linenumber" name="L196" href="#L196">196</a> }
<a class="jxr_linenumber" name="L197" href="#L197">197</a>
<a class="jxr_linenumber" name="L198" href="#L198">198</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L199" href="#L199">199</a> <em class="jxr_javadoccomment"> * This should gather information from leading docstrings, file comments,</em>
<a class="jxr_linenumber" name="L200" href="#L200">200</a> <em class="jxr_javadoccomment"> * and assignments to __version__, __title__, __summary__, __uri__, __url__,</em>
<a class="jxr_linenumber" name="L201" href="#L201">201</a> <em class="jxr_javadoccomment"> * __home*page__, __author__, and their all caps equivalents.</em>
<a class="jxr_linenumber" name="L202" href="#L202">202</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L203" href="#L203">203</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L204" href="#L204">204</a> <em class="jxr_javadoccomment"> * @param file the file name to analyze</em>
<a class="jxr_linenumber" name="L205" href="#L205">205</a> <em class="jxr_javadoccomment"> * @return whether evidence was found</em>
<a class="jxr_linenumber" name="L206" href="#L206">206</a> <em class="jxr_javadoccomment"> * @throws AnalysisException thrown if there is an unrecoverable error</em>
<a class="jxr_linenumber" name="L207" href="#L207">207</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L208" href="#L208">208</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> analyzeFileContents(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, File file)
<a class="jxr_linenumber" name="L209" href="#L209">209</a> <strong class="jxr_keyword">throws</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a> {
<a class="jxr_linenumber" name="L210" href="#L210">210</a> String contents;
<a class="jxr_linenumber" name="L211" href="#L211">211</a> <strong class="jxr_keyword">try</strong> {
<a class="jxr_linenumber" name="L212" href="#L212">212</a> contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
<a class="jxr_linenumber" name="L213" href="#L213">213</a> } <strong class="jxr_keyword">catch</strong> (IOException e) {
<a class="jxr_linenumber" name="L214" href="#L214">214</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(
<a class="jxr_linenumber" name="L215" href="#L215">215</a> <span class="jxr_string">"Problem occurred while reading dependency file."</span>, e);
<a class="jxr_linenumber" name="L216" href="#L216">216</a> }
<a class="jxr_linenumber" name="L217" href="#L217">217</a> <strong class="jxr_keyword">boolean</strong> found = false;
<a class="jxr_linenumber" name="L218" href="#L218">218</a> <strong class="jxr_keyword">if</strong> (!contents.isEmpty()) {
<a class="jxr_linenumber" name="L219" href="#L219">219</a> <strong class="jxr_keyword">final</strong> String source = file.getName();
<a class="jxr_linenumber" name="L220" href="#L220">220</a> found = gatherEvidence(VERSION_PATTERN, contents, source,
<a class="jxr_linenumber" name="L221" href="#L221">221</a> dependency.getVersionEvidence(), <span class="jxr_string">"SourceVersion"</span>,
<a class="jxr_linenumber" name="L222" href="#L222">222</a> Confidence.MEDIUM);
<a class="jxr_linenumber" name="L223" href="#L223">223</a> found |= addSummaryInfo(dependency, SUMMARY_PATTERN, 4, contents,
<a class="jxr_linenumber" name="L224" href="#L224">224</a> source, <span class="jxr_string">"summary"</span>);
<a class="jxr_linenumber" name="L225" href="#L225">225</a> <strong class="jxr_keyword">if</strong> (INIT_PY_FILTER.accept(file)) {
<a class="jxr_linenumber" name="L226" href="#L226">226</a> found |= addSummaryInfo(dependency, MODULE_DOCSTRING, 2,
<a class="jxr_linenumber" name="L227" href="#L227">227</a> contents, source, <span class="jxr_string">"docstring"</span>);
<a class="jxr_linenumber" name="L228" href="#L228">228</a> }
<a class="jxr_linenumber" name="L229" href="#L229">229</a> found |= gatherEvidence(TITLE_PATTERN, contents, source,
<a class="jxr_linenumber" name="L230" href="#L230">230</a> dependency.getProductEvidence(), <span class="jxr_string">"SourceTitle"</span>,
<a class="jxr_linenumber" name="L231" href="#L231">231</a> Confidence.LOW);
<a class="jxr_linenumber" name="L232" href="#L232">232</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> vendorEvidence = dependency
<a class="jxr_linenumber" name="L233" href="#L233">233</a> .getVendorEvidence();
<a class="jxr_linenumber" name="L234" href="#L234">234</a> found |= gatherEvidence(AUTHOR_PATTERN, contents, source,
<a class="jxr_linenumber" name="L235" href="#L235">235</a> vendorEvidence, <span class="jxr_string">"SourceAuthor"</span>, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L236" href="#L236">236</a> found |= gatherHomePageEvidence(URI_PATTERN, vendorEvidence,
<a class="jxr_linenumber" name="L237" href="#L237">237</a> source, <span class="jxr_string">"URL"</span>, contents);
<a class="jxr_linenumber" name="L238" href="#L238">238</a> found |= gatherHomePageEvidence(HOMEPAGE_PATTERN,
<a class="jxr_linenumber" name="L239" href="#L239">239</a> vendorEvidence, source, <span class="jxr_string">"HomePage"</span>, contents);
<a class="jxr_linenumber" name="L240" href="#L240">240</a> }
<a class="jxr_linenumber" name="L241" href="#L241">241</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L242" href="#L242">242</a> }
<a class="jxr_linenumber" name="L243" href="#L243">243</a>
<a class="jxr_linenumber" name="L244" href="#L244">244</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L245" href="#L245">245</a> <em class="jxr_javadoccomment"> * Adds summary information to the dependency</em>
<a class="jxr_linenumber" name="L246" href="#L246">246</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L247" href="#L247">247</a> <em class="jxr_javadoccomment"> * @param dependency the dependency being analyzed</em>
<a class="jxr_linenumber" name="L248" href="#L248">248</a> <em class="jxr_javadoccomment"> * @param pattern the pattern used to perform analysis</em>
<a class="jxr_linenumber" name="L249" href="#L249">249</a> <em class="jxr_javadoccomment"> * @param group the group from the pattern that indicates the data to use</em>
<a class="jxr_linenumber" name="L250" href="#L250">250</a> <em class="jxr_javadoccomment"> * @param contents the data being analyzed</em>
<a class="jxr_linenumber" name="L251" href="#L251">251</a> <em class="jxr_javadoccomment"> * @param source the source name to use when recording the evidence</em>
<a class="jxr_linenumber" name="L252" href="#L252">252</a> <em class="jxr_javadoccomment"> * @param key the key name to use when recording the evidence</em>
<a class="jxr_linenumber" name="L253" href="#L253">253</a> <em class="jxr_javadoccomment"> * @return true if evidence was collected; otherwise false</em>
<a class="jxr_linenumber" name="L254" href="#L254">254</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L255" href="#L255">255</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> addSummaryInfo(<a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> dependency, Pattern pattern,
<a class="jxr_linenumber" name="L256" href="#L256">256</a> <strong class="jxr_keyword">int</strong> group, String contents, String source, String key) {
<a class="jxr_linenumber" name="L257" href="#L257">257</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
<a class="jxr_linenumber" name="L258" href="#L258">258</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> found = matcher.find();
<a class="jxr_linenumber" name="L259" href="#L259">259</a> <strong class="jxr_keyword">if</strong> (found) {
<a class="jxr_linenumber" name="L260" href="#L260">260</a> JarAnalyzer.addDescription(dependency, matcher.group(group),
<a class="jxr_linenumber" name="L261" href="#L261">261</a> source, key);
<a class="jxr_linenumber" name="L262" href="#L262">262</a> }
<a class="jxr_linenumber" name="L263" href="#L263">263</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L264" href="#L264">264</a> }
<a class="jxr_linenumber" name="L265" href="#L265">265</a>
<a class="jxr_linenumber" name="L266" href="#L266">266</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L267" href="#L267">267</a> <em class="jxr_javadoccomment"> * Collects evidence from the home page URL.</em>
<a class="jxr_linenumber" name="L268" href="#L268">268</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L269" href="#L269">269</a> <em class="jxr_javadoccomment"> * @param pattern the pattern to match</em>
<a class="jxr_linenumber" name="L270" href="#L270">270</a> <em class="jxr_javadoccomment"> * @param evidence the evidence collection to add the evidence to</em>
<a class="jxr_linenumber" name="L271" href="#L271">271</a> <em class="jxr_javadoccomment"> * @param source the source of the evidence</em>
<a class="jxr_linenumber" name="L272" href="#L272">272</a> <em class="jxr_javadoccomment"> * @param name the name of the evidence</em>
<a class="jxr_linenumber" name="L273" href="#L273">273</a> <em class="jxr_javadoccomment"> * @param contents the home page URL</em>
<a class="jxr_linenumber" name="L274" href="#L274">274</a> <em class="jxr_javadoccomment"> * @return true if evidence was collected; otherwise false</em>
<a class="jxr_linenumber" name="L275" href="#L275">275</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L276" href="#L276">276</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> gatherHomePageEvidence(Pattern pattern,
<a class="jxr_linenumber" name="L277" href="#L277">277</a> <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String source, String name,
<a class="jxr_linenumber" name="L278" href="#L278">278</a> String contents) {
<a class="jxr_linenumber" name="L279" href="#L279">279</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
<a class="jxr_linenumber" name="L280" href="#L280">280</a> <strong class="jxr_keyword">boolean</strong> found = false;
<a class="jxr_linenumber" name="L281" href="#L281">281</a> <strong class="jxr_keyword">if</strong> (matcher.find()) {
<a class="jxr_linenumber" name="L282" href="#L282">282</a> <strong class="jxr_keyword">final</strong> String url = matcher.group(4);
<a class="jxr_linenumber" name="L283" href="#L283">283</a> <strong class="jxr_keyword">if</strong> (UrlStringUtils.isUrl(url)) {
<a class="jxr_linenumber" name="L284" href="#L284">284</a> found = <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L285" href="#L285">285</a> evidence.addEvidence(source, name, url, Confidence.MEDIUM);
<a class="jxr_linenumber" name="L286" href="#L286">286</a> }
<a class="jxr_linenumber" name="L287" href="#L287">287</a> }
<a class="jxr_linenumber" name="L288" href="#L288">288</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L289" href="#L289">289</a> }
<a class="jxr_linenumber" name="L290" href="#L290">290</a>
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L292" href="#L292">292</a> <em class="jxr_javadoccomment"> * Gather evidence from a Python source file using the given string</em>
<a class="jxr_linenumber" name="L293" href="#L293">293</a> <em class="jxr_javadoccomment"> * assignment regex pattern.</em>
<a class="jxr_linenumber" name="L294" href="#L294">294</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L295" href="#L295">295</a> <em class="jxr_javadoccomment"> * @param pattern to scan contents with</em>
<a class="jxr_linenumber" name="L296" href="#L296">296</a> <em class="jxr_javadoccomment"> * @param contents of Python source file</em>
<a class="jxr_linenumber" name="L297" href="#L297">297</a> <em class="jxr_javadoccomment"> * @param source for storing evidence</em>
<a class="jxr_linenumber" name="L298" href="#L298">298</a> <em class="jxr_javadoccomment"> * @param evidence to store evidence in</em>
<a class="jxr_linenumber" name="L299" href="#L299">299</a> <em class="jxr_javadoccomment"> * @param name of evidence</em>
<a class="jxr_linenumber" name="L300" href="#L300">300</a> <em class="jxr_javadoccomment"> * @param confidence in evidence</em>
<a class="jxr_linenumber" name="L301" href="#L301">301</a> <em class="jxr_javadoccomment"> * @return whether evidence was found</em>
<a class="jxr_linenumber" name="L302" href="#L302">302</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L303" href="#L303">303</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">boolean</strong> gatherEvidence(Pattern pattern, String contents,
<a class="jxr_linenumber" name="L304" href="#L304">304</a> String source, <a href="../../../../org/owasp/dependencycheck/dependency/EvidenceCollection.html">EvidenceCollection</a> evidence, String name,
<a class="jxr_linenumber" name="L305" href="#L305">305</a> <a href="../../../../org/owasp/dependencycheck/dependency/Confidence.html">Confidence</a> confidence) {
<a class="jxr_linenumber" name="L306" href="#L306">306</a> <strong class="jxr_keyword">final</strong> Matcher matcher = pattern.matcher(contents);
<a class="jxr_linenumber" name="L307" href="#L307">307</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">boolean</strong> found = matcher.find();
<a class="jxr_linenumber" name="L308" href="#L308">308</a> <strong class="jxr_keyword">if</strong> (found) {
<a class="jxr_linenumber" name="L309" href="#L309">309</a> evidence.addEvidence(source, name, matcher.group(4), confidence);
<a class="jxr_linenumber" name="L310" href="#L310">310</a> }
<a class="jxr_linenumber" name="L311" href="#L311">311</a> <strong class="jxr_keyword">return</strong> found;
<a class="jxr_linenumber" name="L312" href="#L312">312</a> }
<a class="jxr_linenumber" name="L313" href="#L313">313</a>
<a class="jxr_linenumber" name="L314" href="#L314">314</a> @Override
<a class="jxr_linenumber" name="L315" href="#L315">315</a> <strong class="jxr_keyword">protected</strong> String getAnalyzerEnabledSettingKey() {
<a class="jxr_linenumber" name="L316" href="#L316">316</a> <strong class="jxr_keyword">return</strong> Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED;
<a class="jxr_linenumber" name="L317" href="#L317">317</a> }
<a class="jxr_linenumber" name="L318" href="#L318">318</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>

2
xref/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.html
View File

@@ -294,7 +294,7 @@
<a class="jxr_linenumber" name="L286" href="#L286">286</a> } <strong class="jxr_keyword">catch</strong> (InterruptedException ie) {
<a class="jxr_linenumber" name="L287" href="#L287">287</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(<span class="jxr_string">"bundle-audit process interrupted"</span>, ie);
<a class="jxr_linenumber" name="L288" href="#L288">288</a> }
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">if</strong> (exitValue != 0) {
<a class="jxr_linenumber" name="L289" href="#L289">289</a> <strong class="jxr_keyword">if</strong> (exitValue &lt; 0 || exitValue &gt; 1) {
<a class="jxr_linenumber" name="L290" href="#L290">290</a> <strong class="jxr_keyword">final</strong> String msg = String.format(<span class="jxr_string">"Unexpected exit code from bundle-audit process; exit code: %s"</span>, exitValue);
<a class="jxr_linenumber" name="L291" href="#L291">291</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> <a href="../../../../org/owasp/dependencycheck/analyzer/exception/AnalysisException.html">AnalysisException</a>(msg);
<a class="jxr_linenumber" name="L292" href="#L292">292</a> }

2
xref/org/owasp/dependencycheck/analyzer/exception/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check 1.4.3 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
<title>Dependency-Check 1.4.4 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
xref/org/owasp/dependencycheck/analyzer/exception/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check 1.4.3 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
<title>Dependency-Check 1.4.4 Reference Package org.owasp.dependencycheck.analyzer.exception</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="style" />
</head>
<body>

2
xref/org/owasp/dependencycheck/analyzer/package-frame.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check 1.4.3 Reference Package org.owasp.dependencycheck.analyzer</title>
<title>Dependency-Check 1.4.4 Reference Package org.owasp.dependencycheck.analyzer</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>

2
xref/org/owasp/dependencycheck/analyzer/package-summary.html
View File

@@ -3,7 +3,7 @@
<html xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Dependency-Check 1.4.3 Reference Package org.owasp.dependencycheck.analyzer</title>
<title>Dependency-Check 1.4.4 Reference Package org.owasp.dependencycheck.analyzer</title>
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="style" />
</head>
<body>